
<!doctype html>
<html lang="en-US">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="x-ua-compatible" content="ie=edge">
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<link rel="profile" href="http://gmpg.org/xfn/11">
	<meta name="google-site-verification" content="woFGOBDXdYqOInoJ8yXHyUdw08AF-tC-0jmKv5r24WQ" />

	<!--[if lt IE 9]>
		<script src="https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js"></script>
	<![endif]-->

	<link rel="preconnect" href="//in.hotjar.com" crossorigin>
<link rel="preconnect" href="//jukebox.pathfactory.com" crossorigin>
<link rel="dns-prefetch" href="//okt.to" crossorigin>
<link rel="dns-prefetch" href="//www.facebook.com" crossorigin>
<link rel="dns-prefetch" href="//connect.facebook.net" crossorigin>
<link rel="dns-prefetch" href="//service.force.com" crossorigin>
<link rel="dns-prefetch" href="//d.la3-c1-ph2.salesforceliveagent.com" crossorigin>
<link rel="dns-prefetch" href="//ib.adnxs.com" crossorigin>
<link rel="dns-prefetch" href="//pixel.advertising.com" crossorigin>
<link rel="dns-prefetch" href="//ups.analytics.yahoo.com" crossorigin>
<link rel="dns-prefetch" href="//pixel.rubiconproject.com" crossorigin>
		<!-- connect to domain of font files -->
    <link rel="preconnect" href="https://fonts.googleapis.com">
    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
    <!-- async CSS -->
    <link rel="stylesheet" media="print" onload="this.media='all';" href="https://fonts.googleapis.com/css?family=Lato:300,400,400i,700,900&display=swap" >
    <link rel="stylesheet" media="all" href="https://fonts.googleapis.com/css2?family=Jost:wght@400;500;700&family=Lexend+Deca:wght@400;500;600;700;800&display=swap">

	<!-- no-JS fallback -->
	<noscript>
		<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Lato:300,400,400i,700,900&display=swap">
	</noscript>
	<script>dataLayer = [];</script>
		<script defer>(function (w, d, s, l, i) { w[l] = w[l] || []; w[l].push({'gtm.start': new Date().getTime(), event: 'gtm.js'}); var f = d.getElementsByTagName(s)[0], j = d.createElement(s), dl = l != 'dataLayer' ? '&l=' + l : ''; j.async = true; j.src = 'https://www.googletagmanager.com/gtm.js?id=' + i + dl; f.parentNode.insertBefore(j, f); })(window, document, 'script', 'dataLayer', 'GTM-KHGG4KL');</script>
			<script type="text/javascript">
			(function(j,u,k,e,b,o,x){j["pfObject"]=b;j[b]=j[b]||function(){
				(j[b].q=j[b].q||[]).push(arguments)},j[b].l=1*new Date();o=u.createElement(k),
				x=u.getElementsByTagName(k)[0];o.async=1;o.src=e;x.parentNode.insertBefore(o,x)
			})(window,document,"script", "https://cdn-app.pathfactory.com/production/jukebox/current/jukebox.js" ,"pf");
			pf("create", "LB-727F1CFC-10479");
		</script>
		<meta name='robots' content='index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1' />

	<!-- This site is optimized with the Yoast SEO plugin v20.10 - https://yoast.com/wordpress/plugins/seo/ -->
	<title>Cloud Defense in Depth: Lessons from the Kinsing Malware &ndash; Sysdig</title>
	<meta name="description" content="Organizations should prioritize cloud defense in depth. With a strong security plan, you can lay a foundation for a secure cloud environment." />
	<link rel="canonical" href="https://sysdig.com/blog/cloud-defense-in-depth/" />
	<meta property="og:locale" content="en_US" />
	<meta property="og:type" content="article" />
	<meta property="og:title" content="Cloud Defense in Depth: Lessons from the Kinsing Malware &ndash; Sysdig" />
	<meta property="og:description" content="Organizations should prioritize cloud defense in depth. With a strong security plan, you can lay a foundation for a secure cloud environment." />
	<meta property="og:url" content="https://sysdig.com/blog/cloud-defense-in-depth/" />
	<meta property="og:site_name" content="Sysdig" />
	<meta property="article:publisher" content="https://www.facebook.com/Sysdig415/" />
	<meta property="article:published_time" content="2023-07-04T15:00:00+00:00" />
	<meta property="article:modified_time" content="2023-07-04T12:05:50+00:00" />
	<meta property="og:image" content="https://sysdig.com/wp-content/uploads/Defense-in-Depth_1.png" />
	<meta property="og:image:width" content="1200" />
	<meta property="og:image:height" content="660" />
	<meta property="og:image:type" content="image/png" />
	<meta name="author" content="Nigel Douglas" />
	<meta name="twitter:card" content="summary_large_image" />
	<meta name="twitter:image" content="https://sysdig.com/wp-content/uploads/Defense-in-Depth_1.png" />
	<meta name="twitter:creator" content="@sysdig" />
	<meta name="twitter:site" content="@sysdig" />
	<script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"Article","@id":"https://sysdig.com/blog/cloud-defense-in-depth/#article","isPartOf":{"@id":"https://sysdig.com/blog/cloud-defense-in-depth/"},"author":{"name":"Nigel Douglas","@id":"https://sysdig.com/#/schema/person/5a2dcd87c56211063836fbb24bd66828"},"headline":"Cloud Defense in Depth: Lessons from the Kinsing Malware","datePublished":"2023-07-04T15:00:00+00:00","dateModified":"2023-07-04T12:05:50+00:00","mainEntityOfPage":{"@id":"https://sysdig.com/blog/cloud-defense-in-depth/"},"wordCount":2935,"publisher":{"@id":"https://sysdig.com/#organization"},"image":{"@id":"https://sysdig.com/blog/cloud-defense-in-depth/#primaryimage"},"thumbnailUrl":"https://sysdig.com/wp-content/uploads/Defense-in-Depth_1.png","keywords":["AWS","Kubernetes","Sysdig Secure"],"articleSection":["AWS","Azure","IBM Cloud","Kubernetes","Sysdig Secure"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https://sysdig.com/blog/cloud-defense-in-depth/","url":"https://sysdig.com/blog/cloud-defense-in-depth/","name":"Cloud Defense in Depth: Lessons from the Kinsing Malware &ndash; Sysdig","isPartOf":{"@id":"https://sysdig.com/#website"},"primaryImageOfPage":{"@id":"https://sysdig.com/blog/cloud-defense-in-depth/#primaryimage"},"image":{"@id":"https://sysdig.com/blog/cloud-defense-in-depth/#primaryimage"},"thumbnailUrl":"https://sysdig.com/wp-content/uploads/Defense-in-Depth_1.png","datePublished":"2023-07-04T15:00:00+00:00","dateModified":"2023-07-04T12:05:50+00:00","description":"Organizations should prioritize cloud defense in depth. With a strong security plan, you can lay a foundation for a secure cloud environment.","breadcrumb":{"@id":"https://sysdig.com/blog/cloud-defense-in-depth/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https://sysdig.com/blog/cloud-defense-in-depth/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https://sysdig.com/blog/cloud-defense-in-depth/#primaryimage","url":"https://sysdig.com/wp-content/uploads/Defense-in-Depth_1.png","contentUrl":"https://sysdig.com/wp-content/uploads/Defense-in-Depth_1.png","width":1200,"height":660,"caption":"Exploring Defense in Depth: Lessons Learned from the Kinsing Malware"},{"@type":"BreadcrumbList","@id":"https://sysdig.com/blog/cloud-defense-in-depth/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://sysdig.com/"},{"@type":"ListItem","position":2,"name":"Cloud Defense in Depth: Lessons from the Kinsing Malware"}]},{"@type":"WebSite","@id":"https://sysdig.com/#website","url":"https://sysdig.com/","name":"Sysdig","description":"","publisher":{"@id":"https://sysdig.com/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://sysdig.com/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https://sysdig.com/#organization","name":"Sysdig","url":"https://sysdig.com/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://sysdig.com/#/schema/logo/image/","url":"https://sysdig.com/wp-content/uploads/sysdig-logo-social-share-2020.png","contentUrl":"https://sysdig.com/wp-content/uploads/sysdig-logo-social-share-2020.png","width":1200,"height":630,"caption":"Sysdig"},"image":{"@id":"https://sysdig.com/#/schema/logo/image/"},"sameAs":["https://www.facebook.com/Sysdig415/","https://twitter.com/sysdig","https://www.linkedin.com/company/sysdig","https://www.youtube.com/c/sysdig"]},{"@type":"Person","@id":"https://sysdig.com/#/schema/person/5a2dcd87c56211063836fbb24bd66828","name":"Nigel Douglas","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://sysdig.com/#/schema/person/image/","url":"https://secure.gravatar.com/avatar/ef140a571edbfd7a45ecc672af456a7a?s=96&d=mm&r=g","contentUrl":"https://secure.gravatar.com/avatar/ef140a571edbfd7a45ecc672af456a7a?s=96&d=mm&r=g","caption":"Nigel Douglas"},"url":"https://sysdig.com/blog/author/nigel-douglas/"}]}</script>
	<!-- / Yoast SEO plugin. -->


<link rel='dns-prefetch' href='//www.google.com' />
<link rel="alternate" type="application/rss+xml" title="Sysdig &raquo; Feed" href="https://sysdig.com/feed/" />
<link rel="alternate" type="application/rss+xml" title="Sysdig &raquo; Comments Feed" href="https://sysdig.com/comments/feed/" />
<link rel='stylesheet' id='wp-components-css' href='https://sysdig.com/wp-includes/css/dist/components/style.min.css?ver=6.2.2' type='text/css' media='all' />
<link rel='stylesheet' id='wp-block-editor-css' href='https://sysdig.com/wp-includes/css/dist/block-editor/style.min.css?ver=6.2.2' type='text/css' media='all' />
<link rel='stylesheet' id='wp-nux-css' href='https://sysdig.com/wp-includes/css/dist/nux/style.min.css?ver=6.2.2' type='text/css' media='all' />
<link rel='stylesheet' id='wp-reusable-blocks-css' href='https://sysdig.com/wp-includes/css/dist/reusable-blocks/style.min.css?ver=6.2.2' type='text/css' media='all' />
<link rel='stylesheet' id='wp-editor-css' href='https://sysdig.com/wp-includes/css/dist/editor/style.min.css?ver=6.2.2' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='bynder_block-cgb-style-css-css' href='https://sysdig.com/wp-content/cache/min/1/wp-content/plugins/Bynder-Wordpress-5.9-Plugin/build/style-index.css?ver=1688759041' type='text/css' media='all' />
<style id='outermost-icon-block-style-inline-css' type='text/css'>
.wp-block-outermost-icon-block{display:flex;line-height:0}.wp-block-outermost-icon-block.has-border-color{border:none}.wp-block-outermost-icon-block .has-icon-color svg,.wp-block-outermost-icon-block.has-icon-color svg{color:currentColor}.wp-block-outermost-icon-block .has-icon-color:not(.has-no-icon-fill-color) svg,.wp-block-outermost-icon-block.has-icon-color:not(.has-no-icon-fill-color) svg{fill:currentColor}.wp-block-outermost-icon-block .icon-container{box-sizing:border-box}.wp-block-outermost-icon-block a,.wp-block-outermost-icon-block svg{height:100%;transition:all .1s ease-in-out;width:100%}.wp-block-outermost-icon-block a:hover{transform:scale(1.1)}.wp-block-outermost-icon-block .rotate-90 svg,.wp-block-outermost-icon-block.rotate-90 svg{transform:rotate(90deg)}.wp-block-outermost-icon-block .rotate-180 svg,.wp-block-outermost-icon-block.rotate-180 svg{transform:rotate(180deg)}.wp-block-outermost-icon-block .rotate-270 svg,.wp-block-outermost-icon-block.rotate-270 svg{transform:rotate(270deg)}.wp-block-outermost-icon-block .flip-horizontal svg,.wp-block-outermost-icon-block.flip-horizontal svg{transform:scaleX(-1)}.wp-block-outermost-icon-block .flip-vertical svg,.wp-block-outermost-icon-block.flip-vertical svg{transform:scaleY(-1)}.wp-block-outermost-icon-block .flip-vertical.flip-horizontal svg,.wp-block-outermost-icon-block.flip-vertical.flip-horizontal svg{transform:scale(-1)}.wp-block-outermost-icon-block .rotate-90.flip-horizontal svg,.wp-block-outermost-icon-block.rotate-90.flip-horizontal svg{transform:rotate(90deg) scaleX(-1)}.wp-block-outermost-icon-block .rotate-90.flip-vertical svg,.wp-block-outermost-icon-block.rotate-90.flip-vertical svg{transform:rotate(90deg) scaleY(-1)}.wp-block-outermost-icon-block .rotate-90.flip-horizontal.flip-vertical svg,.wp-block-outermost-icon-block.rotate-90.flip-horizontal.flip-vertical svg{transform:rotate(90deg) scale(-1)}.wp-block-outermost-icon-block .rotate-180.flip-horizontal svg,.wp-block-outermost-icon-block.rotate-180.flip-horizontal svg{transform:rotate(180deg) scaleX(-1)}.wp-block-outermost-icon-block .rotate-180.flip-vertical svg,.wp-block-outermost-icon-block.rotate-180.flip-vertical svg{transform:rotate(180deg) scaleY(-1)}.wp-block-outermost-icon-block .rotate-180.flip-horizontal.flip-vertical svg,.wp-block-outermost-icon-block.rotate-180.flip-horizontal.flip-vertical svg{transform:rotate(180deg) scale(-1)}.wp-block-outermost-icon-block .rotate-270.flip-horizontal svg,.wp-block-outermost-icon-block.rotate-270.flip-horizontal svg{transform:rotate(270deg) scaleX(-1)}.wp-block-outermost-icon-block .rotate-270.flip-vertical svg,.wp-block-outermost-icon-block.rotate-270.flip-vertical svg{transform:rotate(270deg) scaleY(-1)}.wp-block-outermost-icon-block .rotate-270.flip-horizontal.flip-vertical svg,.wp-block-outermost-icon-block.rotate-270.flip-horizontal.flip-vertical svg{transform:rotate(270deg) scale(-1)}

</style>
<style id='safe-svg-svg-icon-style-inline-css' type='text/css'>
.safe-svg-cover .safe-svg-inside{display:inline-block;max-width:100%}.safe-svg-cover svg{height:100%;max-height:100%;max-width:100%;width:100%}

</style>
<style id='sysdig-core-buttons-styles-inline-css' type='text/css'>
.wp-block-buttons .wp-block-button .wp-block-button__link{align-items:center;background-image:linear-gradient(#ffe24d,#ffe24d);border-radius:4px;color:var(--wp--preset--color--black);display:inline-flex;font-family:var(--wp--preset--font-family--lexend-deca);font-weight:600;letter-spacing:.1rem;position:relative;text-decoration:none;text-transform:uppercase;z-index:100}.wp-block-buttons .wp-block-button .wp-block-button__link:before{background-image:linear-gradient(90deg,#ffe24d 11.03%,#99cc7e 53.39%,#93e0f1 103.45%);border-radius:4px;content:"";display:block;height:100%;left:0;opacity:0;position:absolute;top:0;transition:opacity .2s;width:100%;z-index:-100}.wp-block-buttons .wp-block-button .wp-block-button__link:hover{text-decoration:none}.wp-block-buttons .wp-block-button .wp-block-button__link:hover:before{opacity:1}

/*# sourceMappingURL=buttons.css.map*/
</style>
<style id='sysdig-core-group-styles-inline-css' type='text/css'>
.is-sticky-page-wrapper{position:relative}@media (min-width:781px){.is-sticky-element-wrapper{bottom:0;max-width:367px;position:absolute;top:0;width:calc(33% - var(--wp--style--block-gap) - var(--wp--style--block-gap))}.editor-styles-wrapper .is-sticky-element-wrapper{width:100%}}.is-sticky-element{position:-webkit-sticky;position:sticky;top:calc(var(--navigation--height, 0px) + var(--wp-admin--admin-bar--height, 0px) + var(--wp--style--block-gap) + var(--banner-height, 0px));z-index:30}

/*# sourceMappingURL=group.css.map*/
</style>
<style id='global-styles-inline-css' type='text/css'>
body{--wp--preset--color--black: #171717;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--color--primary: #00abc7;--wp--preset--color--yellow: #ffe24d;--wp--preset--color--light-green: #99CC7E;--wp--preset--color--light-blue: #93E0F1;--wp--preset--color--medium-blue: #65CADA;--wp--preset--color--green: #22FDC8;--wp--preset--color--navy: #023A83;--wp--preset--color--blue: #023A83;--wp--preset--color--dark-blue: #0e1471;--wp--preset--color--error: #FF9C85;--wp--preset--color--cucumber: #77B755;--wp--preset--color--purple: #3E4FEC;--wp--preset--color--grey: #F9F9F9;--wp--preset--color--light-grey: #828282;--wp--preset--color--body-black: #3D4750;--wp--preset--color--transparent: transparent;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--gradient--black-to-blue: linear-gradient(249.13deg,#0e1270 3.45%,#000);--wp--preset--duotone--dark-grayscale: url('#wp-duotone-dark-grayscale');--wp--preset--duotone--grayscale: url('#wp-duotone-grayscale');--wp--preset--duotone--purple-yellow: url('#wp-duotone-purple-yellow');--wp--preset--duotone--blue-red: url('#wp-duotone-blue-red');--wp--preset--duotone--midnight: url('#wp-duotone-midnight');--wp--preset--duotone--magenta-yellow: url('#wp-duotone-magenta-yellow');--wp--preset--duotone--purple-green: url('#wp-duotone-purple-green');--wp--preset--duotone--blue-orange: url('#wp-duotone-blue-orange');--wp--preset--font-size--small: clamp(0.875rem, 0.875rem + ((1vw - 0.48rem) * 0.385), 1rem);;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: clamp(1.125rem, 1.125rem + ((1vw - 0.48rem) * 0.577), 1.25rem);--wp--preset--font-size--x-large: clamp(1.25rem, 1.25rem + ((1vw - 0.48rem) * 0.962), 1.5rem);--wp--preset--font-size--x-small: clamp(.75rem, 0.75rem + ((1vw - 0.48rem) * 0.192), 0.875rem);--wp--preset--font-size--base: clamp(1rem, 1rem + ((1vw - 0.48rem) * 0.327), 1.125rem);--wp--preset--font-size--2-x-large: clamp(1.5rem, 1.5rem + ((1vw - 0.48rem) * 1.538), 1.875rem);--wp--preset--font-size--3-x-large: clamp(1.875rem, 1.875rem + ((1vw - 0.48rem) * 2.212), 2.25rem);--wp--preset--font-size--4-x-large: clamp(2.25rem, 2.25rem + ((1vw - 0.48rem) * 3.462), 3rem);--wp--preset--font-size--5-x-large: clamp(3rem, 3rem + ((1vw - 0.48rem) * 4), 3.75rem);--wp--preset--font-size--6-x-large: clamp(3.75rem, 3.75rem + ((1vw - 0.48rem) * 4.25), 4.5rem);--wp--preset--font-size--7-x-large: clamp(4.5rem, 4.5rem + ((1vw - 0.48rem) * 5), 6rem);--wp--preset--font-family--lexend-deca: 'Lexend Deca', sans-serif;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--spacing--10-20: clamp( 10px, 5vw, 20px );--wp--preset--spacing--20-40: clamp( 20px, 5vw, 40px );--wp--preset--spacing--30-60: clamp( 30px, 5vw, 60px );--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);--wp--preset--shadow--banner: -5px 10px 15px rgba(0, 0, 0, 0.11);--wp--custom--radius--medium: 0.625rem;--wp--custom--radius--large: 1rem;--wp--custom--color--concrete: #f2f2f2;}body { margin: 0;--wp--style--global--content-size: 800px;--wp--style--global--wide-size: 1200px; }.wp-site-blocks { padding-top: var(--wp--style--root--padding-top); padding-bottom: var(--wp--style--root--padding-bottom); }.has-global-padding { padding-right: var(--wp--style--root--padding-right); padding-left: var(--wp--style--root--padding-left); }.has-global-padding :where(.has-global-padding) { padding-right: 0; padding-left: 0; }.has-global-padding > .alignfull { margin-right: calc(var(--wp--style--root--padding-right) * -1); margin-left: calc(var(--wp--style--root--padding-left) * -1); }.has-global-padding :where(.has-global-padding) > .alignfull { margin-right: 0; margin-left: 0; }.has-global-padding > .alignfull:where(:not(.has-global-padding)) > :where([class*="wp-block-"]:not(.alignfull):not([class*="__"]),p,h1,h2,h3,h4,h5,h6,ul,ol) { padding-right: var(--wp--style--root--padding-right); padding-left: var(--wp--style--root--padding-left); }.has-global-padding :where(.has-global-padding) > .alignfull:where(:not(.has-global-padding)) > :where([class*="wp-block-"]:not(.alignfull):not([class*="__"]),p,h1,h2,h3,h4,h5,h6,ul,ol) { padding-right: 0; padding-left: 0; }.wp-site-blocks > .alignleft { float: left; margin-right: 2em; }.wp-site-blocks > .alignright { float: right; margin-left: 2em; }.wp-site-blocks > .aligncenter { justify-content: center; margin-left: auto; margin-right: auto; }.wp-site-blocks > * { margin-block-start: 0; margin-block-end: 0; }.wp-site-blocks > * + * { margin-block-start: 1.5rem; }body { --wp--style--block-gap: 1.5rem; }body .is-layout-flow > *{margin-block-start: 0;margin-block-end: 0;}body .is-layout-flow > * + *{margin-block-start: 1.5rem;margin-block-end: 0;}body .is-layout-constrained > *{margin-block-start: 0;margin-block-end: 0;}body .is-layout-constrained > * + *{margin-block-start: 1.5rem;margin-block-end: 0;}body .is-layout-flex{gap: 1.5rem;}body .is-layout-flow > .alignleft{float: left;margin-inline-start: 0;margin-inline-end: 2em;}body .is-layout-flow > .alignright{float: right;margin-inline-start: 2em;margin-inline-end: 0;}body .is-layout-flow > .aligncenter{margin-left: auto !important;margin-right: auto !important;}body .is-layout-constrained > .alignleft{float: left;margin-inline-start: 0;margin-inline-end: 2em;}body .is-layout-constrained > .alignright{float: right;margin-inline-start: 2em;margin-inline-end: 0;}body .is-layout-constrained > .aligncenter{margin-left: auto !important;margin-right: auto !important;}body .is-layout-constrained > :where(:not(.alignleft):not(.alignright):not(.alignfull)){max-width: var(--wp--style--global--content-size);margin-left: auto !important;margin-right: auto !important;}body .is-layout-constrained > .alignwide{max-width: var(--wp--style--global--wide-size);}body .is-layout-flex{display: flex;}body .is-layout-flex{flex-wrap: wrap;align-items: center;}body .is-layout-flex > *{margin: 0;}body{font-family: var(--wp--preset--font-family--jost);font-size: 1.25rem;line-height: 1.75rem;--wp--style--root--padding-top: 0px;--wp--style--root--padding-right: var(--wp--style--block-gap);--wp--style--root--padding-bottom: 0px;--wp--style--root--padding-left: var(--wp--style--block-gap);}a:where(:not(.wp-element-button)){color: #007bff;text-decoration: none;}a:where(:not(.wp-element-button)):hover{color: #0056b3;text-decoration: underline;}h1{font-family: var(--wp--preset--font-family--lexend-deca);font-size: 3.5rem;line-height: 3.75rem;}h2{font-family: var(--wp--preset--font-family--lexend-deca);font-size: 2.25rem;line-height: 3rem;}h3{font-family: var(--wp--preset--font-family--lexend-deca);font-size: 1.5rem;line-height: 1.875rem;}h4{font-family: var(--wp--preset--font-family--lexend-deca);}h5{font-family: var(--wp--preset--font-family--lexend-deca);}.wp-element-button, .wp-block-button__link{background-color: #32373c;border-width: 0;color: #fff;font-family: inherit;font-size: inherit;line-height: inherit;padding: calc(0.667em + 2px) calc(1.333em + 2px);text-decoration: none;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-primary-color{color: var(--wp--preset--color--primary) !important;}.has-yellow-color{color: var(--wp--preset--color--yellow) !important;}.has-light-green-color{color: var(--wp--preset--color--light-green) !important;}.has-light-blue-color{color: var(--wp--preset--color--light-blue) !important;}.has-medium-blue-color{color: var(--wp--preset--color--medium-blue) !important;}.has-green-color{color: var(--wp--preset--color--green) !important;}.has-navy-color{color: var(--wp--preset--color--navy) !important;}.has-blue-color{color: var(--wp--preset--color--blue) !important;}.has-dark-blue-color{color: var(--wp--preset--color--dark-blue) !important;}.has-error-color{color: var(--wp--preset--color--error) !important;}.has-cucumber-color{color: var(--wp--preset--color--cucumber) !important;}.has-purple-color{color: var(--wp--preset--color--purple) !important;}.has-grey-color{color: var(--wp--preset--color--grey) !important;}.has-light-grey-color{color: var(--wp--preset--color--light-grey) !important;}.has-body-black-color{color: var(--wp--preset--color--body-black) !important;}.has-transparent-color{color: var(--wp--preset--color--transparent) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-primary-background-color{background-color: var(--wp--preset--color--primary) !important;}.has-yellow-background-color{background-color: var(--wp--preset--color--yellow) !important;}.has-light-green-background-color{background-color: var(--wp--preset--color--light-green) !important;}.has-light-blue-background-color{background-color: var(--wp--preset--color--light-blue) !important;}.has-medium-blue-background-color{background-color: var(--wp--preset--color--medium-blue) !important;}.has-green-background-color{background-color: var(--wp--preset--color--green) !important;}.has-navy-background-color{background-color: var(--wp--preset--color--navy) !important;}.has-blue-background-color{background-color: var(--wp--preset--color--blue) !important;}.has-dark-blue-background-color{background-color: var(--wp--preset--color--dark-blue) !important;}.has-error-background-color{background-color: var(--wp--preset--color--error) !important;}.has-cucumber-background-color{background-color: var(--wp--preset--color--cucumber) !important;}.has-purple-background-color{background-color: var(--wp--preset--color--purple) !important;}.has-grey-background-color{background-color: var(--wp--preset--color--grey) !important;}.has-light-grey-background-color{background-color: var(--wp--preset--color--light-grey) !important;}.has-body-black-background-color{background-color: var(--wp--preset--color--body-black) !important;}.has-transparent-background-color{background-color: var(--wp--preset--color--transparent) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-primary-border-color{border-color: var(--wp--preset--color--primary) !important;}.has-yellow-border-color{border-color: var(--wp--preset--color--yellow) !important;}.has-light-green-border-color{border-color: var(--wp--preset--color--light-green) !important;}.has-light-blue-border-color{border-color: var(--wp--preset--color--light-blue) !important;}.has-medium-blue-border-color{border-color: var(--wp--preset--color--medium-blue) !important;}.has-green-border-color{border-color: var(--wp--preset--color--green) !important;}.has-navy-border-color{border-color: var(--wp--preset--color--navy) !important;}.has-blue-border-color{border-color: var(--wp--preset--color--blue) !important;}.has-dark-blue-border-color{border-color: var(--wp--preset--color--dark-blue) !important;}.has-error-border-color{border-color: var(--wp--preset--color--error) !important;}.has-cucumber-border-color{border-color: var(--wp--preset--color--cucumber) !important;}.has-purple-border-color{border-color: var(--wp--preset--color--purple) !important;}.has-grey-border-color{border-color: var(--wp--preset--color--grey) !important;}.has-light-grey-border-color{border-color: var(--wp--preset--color--light-grey) !important;}.has-body-black-border-color{border-color: var(--wp--preset--color--body-black) !important;}.has-transparent-border-color{border-color: var(--wp--preset--color--transparent) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-black-to-blue-gradient-background{background: var(--wp--preset--gradient--black-to-blue) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;}.has-x-small-font-size{font-size: var(--wp--preset--font-size--x-small) !important;}.has-base-font-size{font-size: var(--wp--preset--font-size--base) !important;}.has-2-x-large-font-size{font-size: var(--wp--preset--font-size--2-x-large) !important;}.has-3-x-large-font-size{font-size: var(--wp--preset--font-size--3-x-large) !important;}.has-4-x-large-font-size{font-size: var(--wp--preset--font-size--4-x-large) !important;}.has-5-x-large-font-size{font-size: var(--wp--preset--font-size--5-x-large) !important;}.has-6-x-large-font-size{font-size: var(--wp--preset--font-size--6-x-large) !important;}.has-7-x-large-font-size{font-size: var(--wp--preset--font-size--7-x-large) !important;}.has-lexend-deca-font-family{font-family: var(--wp--preset--font-family--lexend-deca) !important;}
.wp-block-navigation a:where(:not(.wp-element-button)){color: inherit;}
.wp-block-pullquote{font-size: 1.5em;line-height: 1.6;}
.wp-block-code{background: var(--wp--preset--gradient--black-to-blue);border-radius: 11px;color: var(--wp--preset--color--white);font-family: Consolas, Courier, Monaco, monospace;font-weight: 300;line-height: 1.4;padding: 2rem;}
.wp-block-preformatted{background: var(--wp--preset--gradient--black-to-blue);border-radius: 11px;color: var(--wp--preset--color--white);font-family: Consolas, Courier, Monaco, monospace;font-weight: 300;line-height: 1.4;padding: 2rem;}
</style>
<link data-minify="1" rel='stylesheet' id='v4-sysdig-main-css' href='https://sysdig.com/wp-content/cache/min/1/wp-content/themes/sysdig/public/styles/main-v4.css?ver=1688759042' type='text/css' media='screen' />
<link rel='stylesheet' id='wp-block-library-css' href='https://sysdig.com/wp-includes/css/dist/block-library/style.min.css?ver=6.2.2' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='sysdig-block-editor-css' href='https://sysdig.com/wp-content/cache/min/1/wp-content/themes/sysdig/public/styles/blocks/block-editor.css?ver=1688759043' type='text/css' media='all' />
<script type='text/javascript' src='https://sysdig.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4' id='jquery-core-js'></script>
<script type='text/javascript' src='https://sysdig.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0' id='jquery-migrate-js' defer></script>
<script type='text/javascript' src='https://go.sysdig.com/js/forms2/js/forms2.min.js?ver=20200729-2010' id='forms2-js' defer></script>
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://sysdig.com/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://sysdig.com/wp-includes/wlwmanifest.xml" />
<link rel='shortlink' href='https://sysdig.com/?p=75481' />
<link rel="alternate" type="application/json+oembed" href="https://sysdig.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fsysdig.com%2Fblog%2Fcloud-defense-in-depth%2F" />
<link rel="alternate" type="text/xml+oembed" href="https://sysdig.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fsysdig.com%2Fblog%2Fcloud-defense-in-depth%2F&#038;format=xml" />
<!-- Stream WordPress user activity plugin v3.9.3 -->
<meta name="author" content="Nigel Douglas" /><meta itemprop="datePublished" content="2023-07-04" /><link rel="icon" href="https://sysdig.com/wp-content/uploads/2019/10/cropped-sysdig_favicon-1-32x32.png" sizes="32x32" />
<link rel="icon" href="https://sysdig.com/wp-content/uploads/2019/10/cropped-sysdig_favicon-1-192x192.png" sizes="192x192" />
<link rel="apple-touch-icon" href="https://sysdig.com/wp-content/uploads/2019/10/cropped-sysdig_favicon-1-180x180.png" />
<meta name="msapplication-TileImage" content="https://sysdig.com/wp-content/uploads/2019/10/cropped-sysdig_favicon-1-270x270.png" />
		<style type="text/css" id="wp-custom-css">
			h1 .u-text-underline.u-underline-teal,
h2 .u-text-underline.u-underline-teal{
	text-decoration: none;
}

@media (min-width:1150px) {
  .lg\:px-20 {
    padding-left: 3rem!important;
    padding-right: 3rem!important;
    min-width: 350px;
    max-width: 350px;
	  width: 350px;
  }
}
		</style>
		<noscript><style id="rocket-lazyload-nojs-css">.rll-youtube-player, [data-lazy-src]{display:none !important;}</style></noscript></head>

<body class="post-template-default single single-post postid-75481 single-format-standard wp-custom-logo wp-embed-responsive announcement-bar">
	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: hidden;" ><defs><filter id="wp-duotone-dark-grayscale"><feColorMatrix color-interpolation-filters="sRGB" type="matrix" values=" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 " /><feComponentTransfer color-interpolation-filters="sRGB" ><feFuncR type="table" tableValues="0 0.498039215686" /><feFuncG type="table" tableValues="0 0.498039215686" /><feFuncB type="table" tableValues="0 0.498039215686" /><feFuncA type="table" tableValues="1 1" /></feComponentTransfer><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: hidden;" ><defs><filter id="wp-duotone-grayscale"><feColorMatrix color-interpolation-filters="sRGB" type="matrix" values=" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 " /><feComponentTransfer color-interpolation-filters="sRGB" ><feFuncR type="table" tableValues="0 1" /><feFuncG type="table" tableValues="0 1" /><feFuncB type="table" tableValues="0 1" /><feFuncA type="table" tableValues="1 1" /></feComponentTransfer><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: hidden;" ><defs><filter id="wp-duotone-purple-yellow"><feColorMatrix color-interpolation-filters="sRGB" type="matrix" values=" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 " /><feComponentTransfer color-interpolation-filters="sRGB" ><feFuncR type="table" tableValues="0.549019607843 0.988235294118" /><feFuncG type="table" tableValues="0 1" /><feFuncB type="table" tableValues="0.717647058824 0.254901960784" /><feFuncA type="table" tableValues="1 1" /></feComponentTransfer><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: hidden;" ><defs><filter id="wp-duotone-blue-red"><feColorMatrix color-interpolation-filters="sRGB" type="matrix" values=" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 " /><feComponentTransfer color-interpolation-filters="sRGB" ><feFuncR type="table" tableValues="0 1" /><feFuncG type="table" tableValues="0 0.278431372549" /><feFuncB type="table" tableValues="0.592156862745 0.278431372549" /><feFuncA type="table" tableValues="1 1" /></feComponentTransfer><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: hidden;" ><defs><filter id="wp-duotone-midnight"><feColorMatrix color-interpolation-filters="sRGB" type="matrix" values=" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 " /><feComponentTransfer color-interpolation-filters="sRGB" ><feFuncR type="table" tableValues="0 0" /><feFuncG type="table" tableValues="0 0.647058823529" /><feFuncB type="table" tableValues="0 1" /><feFuncA type="table" tableValues="1 1" /></feComponentTransfer><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: hidden;" ><defs><filter id="wp-duotone-magenta-yellow"><feColorMatrix color-interpolation-filters="sRGB" type="matrix" values=" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 " /><feComponentTransfer color-interpolation-filters="sRGB" ><feFuncR type="table" tableValues="0.780392156863 1" /><feFuncG type="table" tableValues="0 0.949019607843" /><feFuncB type="table" tableValues="0.352941176471 0.470588235294" /><feFuncA type="table" tableValues="1 1" /></feComponentTransfer><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: hidden;" ><defs><filter id="wp-duotone-purple-green"><feColorMatrix color-interpolation-filters="sRGB" type="matrix" values=" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 " /><feComponentTransfer color-interpolation-filters="sRGB" ><feFuncR type="table" tableValues="0.650980392157 0.403921568627" /><feFuncG type="table" tableValues="0 1" /><feFuncB type="table" tableValues="0.447058823529 0.4" /><feFuncA type="table" tableValues="1 1" /></feComponentTransfer><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: hidden;" ><defs><filter id="wp-duotone-blue-orange"><feColorMatrix color-interpolation-filters="sRGB" type="matrix" values=" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 " /><feComponentTransfer color-interpolation-filters="sRGB" ><feFuncR type="table" tableValues="0.0980392156863 1" /><feFuncG type="table" tableValues="0 0.662745098039" /><feFuncB type="table" tableValues="0.847058823529 0.419607843137" /><feFuncA type="table" tableValues="1 1" /></feComponentTransfer><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg>	
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-KHGG4KL" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
	
<div id="page" class="site">

	<div id="main-navigation" class="c-site-nav-wrap fixed-top bg-white">
	
	
<div id="announcement-bar" class="b-v4-block-container-banner" data-banner-container>
    <div class="o-container container">
        <div class="flex flex-row flex-wrap items-center justify-center position-relative pr-8 sm:pr-0 gap-4" style="min-height: 22px">

			
					<a class="js-announcement link-parent absolute flex gap-4 items-center transition-opacity duration-500 ease-in "
					   href="/customers/" target="http://_blank">
					    							<img width="310" height="318" class="h-5 w-auto" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20310%20318'%3E%3C/svg%3E" alt="http://G2" data-lazy-src="https://sysdig.com/wp-content/uploads/logo-g2-wh.svg"><noscript><img width="310" height="318" class="h-5 w-auto" src="https://sysdig.com/wp-content/uploads/logo-g2-wh.svg" alt="http://G2"></noscript>
												<p class="">&quot;Absolutely the best in runtime security!&quot;</p>
						<div class="text-link"><span></span></div>
					</a>
					
				
					<a class="js-announcement link-parent absolute flex gap-4 items-center transition-opacity duration-500 ease-in hidden"
					   href="/customers/" target="">
					    							<img width="310" height="318" class="h-5 w-auto" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20310%20318'%3E%3C/svg%3E" alt="http://G2" data-lazy-src="https://sysdig.com/wp-content/uploads/logo-g2-wh.svg"><noscript><img width="310" height="318" class="h-5 w-auto" src="https://sysdig.com/wp-content/uploads/logo-g2-wh.svg" alt="http://G2"></noscript>
												<p class="">&quot;Runtime protection leader!&quot;</p>
						<div class="text-link"><span></span></div>
					</a>
					
				
					<a class="js-announcement link-parent absolute flex gap-4 items-center transition-opacity duration-500 ease-in hidden"
					   href="/customers/" target="">
					    							<img width="310" height="318" class="h-5 w-auto" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20310%20318'%3E%3C/svg%3E" alt="http://G2" data-lazy-src="https://sysdig.com/wp-content/uploads/logo-g2-wh.svg"><noscript><img width="310" height="318" class="h-5 w-auto" src="https://sysdig.com/wp-content/uploads/logo-g2-wh.svg" alt="http://G2"></noscript>
												<p class="">&quot;Sysdig Secure is drop-dead simple to use.&quot;</p>
						<div class="text-link"><span></span></div>
					</a>
					
				
					<a class="js-announcement link-parent absolute flex gap-4 items-center transition-opacity duration-500 ease-in hidden"
					   href="/customers/" target="">
					    							<img width="310" height="318" class="h-5 w-auto" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20310%20318'%3E%3C/svg%3E" alt="http://G2" data-lazy-src="https://sysdig.com/wp-content/uploads/logo-g2-wh.svg"><noscript><img width="310" height="318" class="h-5 w-auto" src="https://sysdig.com/wp-content/uploads/logo-g2-wh.svg" alt="http://G2"></noscript>
												<p class="">&quot;Sysdig Secure is the engine driving our security posture.&quot;</p>
						<div class="text-link"><span></span></div>
					</a>
					
				
					<a class="js-announcement link-parent absolute flex gap-4 items-center transition-opacity duration-500 ease-in hidden"
					   href="/customers/" target="">
					    							<img width="310" height="318" class="h-5 w-auto" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20310%20318'%3E%3C/svg%3E" alt="http://G2" data-lazy-src="https://sysdig.com/wp-content/uploads/logo-g2-wh.svg"><noscript><img width="310" height="318" class="h-5 w-auto" src="https://sysdig.com/wp-content/uploads/logo-g2-wh.svg" alt="http://G2"></noscript>
												<p class="">&quot;Especially strong runtime protection capability!&quot;</p>
						<div class="text-link"><span></span></div>
					</a>
					
				
            <div class="b-v4-block-container-banner-x" data-banner-x></div>
        </div>
    </div>
</div>

<script>
	// Rotate through announcements
	(() => {
		const announcements = document.getElementsByClassName('js-announcement'),
		      length = announcements.length,
			  intervalLength = 4000
		var count = 1
		// Only rotate if more than one
		if ( length > 1 ) setInterval(switchAnnouncements, intervalLength)

		function switchAnnouncements() {
			for (let i = 0; i < announcements.length; i++) {
				// If the next slide prepare to show
				if ( i === count ) {
					announcements[i].classList.remove('hidden')
					announcements[i].classList.add('opacity-0')
				// Otherwise prepare to hide
				} else {
					announcements[i].classList.add('opacity-0')
				}
			}
			// Delay to allow fade transition before setting to display: none
			setTimeout(() => {
			for (let i = 0; i < announcements.length; i++) {
				// If the next slide show
				if ( i === count ) {
					announcements[i].classList.remove('opacity-0')
				// Otherwise hide
				} else {
					announcements[i].classList.add('hidden')
					announcements[i].classList.remove('opacity-0')
				}
			}

			// If reached the end reset to first slide
			if (count === (length - 1 )) {
				count = 0
			// Otherwise move to the next slide
			} else {
				count++
			}

			}, '500')
		 }
	})();
</script>

<script>
	// Hide banner persitently if close button clicked, store setting in cookie
	(() => {
		const announcementBar = document.cookie.split("; ").find((row) => row.startsWith("announcement_closed="))?.split("=")[1];
		const announcementBarElement = document.getElementById('announcement-bar');
		if (announcementBar === 'true') {
			announcementBarElement.style.display = 'none';
			document.querySelector('#page').style = '--banner-height: 0px';
		} else {
			const site = document.querySelector('#page');
			site.style = `--banner-height: ${announcementBarElement.offsetHeight}px`;
		}
	})();
</script>

    <div class="o-container container">
        <nav class="navbar navbar-expand-lg">

            <a class="navbar-brand mr-6 lg:mr-8 xl:mr-10" href="https://sysdig.com/" rel="home">
                <img src="https://sysdig.com/wp-content/uploads/2019/10/sysdig-logo.svg" alt="Sysdig" width="180" height="65" class="mb-0 " loading="eager">            </a>

            
                <button class="navbar-toggler" type="button" aria-expanded="false" aria-label="Toggle navigation">
                    <svg width="41" height="41" viewBox="0 0 41 41" fill="none" xmlns="http://www.w3.org/2000/svg">
                        <circle cx="20.5" cy="20.5" r="19.75" stroke="#023A83" stroke-width="1.5"/>
                        <line class="line-1" x1="7.98535" y1="12.9167" x2="32.2108" y2="12.9167" stroke="#00ABC7"
                              stroke-width="1.5" stroke-linecap="round"/>
                        <line class="line-2" x1="7.98535" y1="20.152" x2="32.2108" y2="20.152" stroke="#00ABC7"
                              stroke-width="1.5" stroke-linecap="round"/>
                        <line class="line-3" x1="7.98535" y1="27.3873" x2="32.2108" y2="27.3873" stroke="#00ABC7"
                              stroke-width="1.5" stroke-linecap="round"/>
                    </svg>
                </button>

                <div class="collapse navbar-collapse" id="navbarNavDropdown">
                    <ul id="menu-main-navigation" class="navbar-nav items-start lg:items-center"><li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55197" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item dropdown"><a id="menu-item-dropdown-55197" class="nav-link flex items-center dropdown-toggle" role="button" data-toggle="dropdown" aria-expanded="false">Products<span></span></a>
<ul class="dropdown-menu flex-col lg:flex-row flex-nowrap px-5 pt-2 pb-6 lg:px-7 lg:pt-12 lg:pb-8" aria-labelledby="menu-item-dropdown-55197" role="menu">
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="mobile-back d-flex d-lg-none pb-4"><a href="#" class="d-flex items-center">Back to main menu</a></li>	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55209" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4"><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Security<span></span></span></div>
	<ul aria-labelledby="menu-item-55209" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55205" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/products/secure/" id="menu-item-dropdown-55205"><div class="position-relative inline">Sysdig Secure<span class="gradient-border"></span></div><div class="nav-description pt-1">Container, Kubernetes and Cloud Security</div></a></li>
	</ul>
</li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55211" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4"><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Observability<span></span></span></div>
	<ul aria-labelledby="menu-item-dropdown-55205" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55210" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/products/monitor/" id="menu-item-dropdown-55210"><div class="position-relative inline">Sysdig Monitor<span class="gradient-border"></span></div><div class="nav-description pt-1">Kubernetes and Prometheus Monitoring</div></a></li>
	</ul>
</li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-59719" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4  border_left   no-header "><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Platform &#8211; 3rd Column Header &#8211; Hidden<span></span></span></div>
	<ul aria-labelledby="menu-item-dropdown-55210" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-69706" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://sysdig.com/blog/cnapp-runtime-insights-shift-left-shield-right/" id="menu-item-dropdown-69706"><div class="position-relative inline">Why CNAPP?<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-56809" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/integrations/" id="menu-item-dropdown-56809"><div class="position-relative inline">Integrations<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-56747" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/pricing/" id="menu-item-dropdown-56747"><div class="position-relative inline">Pricing<span class="gradient-border"></span></div></a></li>
	</ul>
</li>
</ul>
</li>
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55198" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item dropdown"><a id="menu-item-dropdown-55198" class="nav-link flex items-center dropdown-toggle" role="button" data-toggle="dropdown" aria-expanded="false">Solutions<span></span></a>
<ul class="dropdown-menu flex-col lg:flex-row flex-nowrap px-5 pt-2 pb-6 lg:px-7 lg:pt-12 lg:pb-8" aria-labelledby="menu-item-dropdown-55198" role="menu">
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="mobile-back d-flex d-lg-none pb-4"><a href="#" class="d-flex items-center">Back to main menu</a></li>	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55214" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4"><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Security<span></span></span></div>
	<ul aria-labelledby="menu-item-55214" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-56777" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/solutions/vulnerability-management/" id="menu-item-dropdown-56777"><div class="position-relative inline">Vulnerability Management<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-56778" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/solutions/cspm/" id="menu-item-dropdown-56778"><div class="position-relative inline">Posture Management<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-62623" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/solutions/permissions-entitlement-management/" id="menu-item-dropdown-62623"><div class="position-relative inline">Entitlement Management<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-56780" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/solutions/cloud-threat-detection-and-response/" id="menu-item-dropdown-56780"><div class="position-relative inline">Threat Detection &#038; Response<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-74347" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/solutions/host-security/" id="menu-item-dropdown-74347"><div class="position-relative inline">Host Security<span class="gradient-border"></span></div></a></li>
	</ul>
</li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55227" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4"><a  aria-expanded="false" class="nav-link flex items-center md:flex-wrap md:items-start pb-5 nav-link depth-1 nav-column-header" href="https://sysdig.com/cloud-native-observability-solutions/" id="menu-item-dropdown-55227"><span>Observability<span></span></span></a><a class="nav-link flex items-center md:flex-wrap md:items-start pb-5 nav-link depth-1 nav-column-header" href="https://sysdig.com/cloud-native-observability-solutions/" id="menu-item-dropdown-55227">View All</a>
	<ul aria-labelledby="menu-item-dropdown-55227" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-56789" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/solutions/kubernetes-monitoring/" id="menu-item-dropdown-56789"><div class="position-relative inline">Kubernetes Monitoring<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-56787" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/solutions/prometheus-monitoring/" id="menu-item-dropdown-56787"><div class="position-relative inline">Prometheus Monitoring<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-56792" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/solutions/custom-metrics/" id="menu-item-dropdown-56792"><div class="position-relative inline">Custom Metrics<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-56788" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/solutions/cloud-monitoring/" id="menu-item-dropdown-56788"><div class="position-relative inline">Cloud Monitoring<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-56793" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/solutions/cost-optimization/" id="menu-item-dropdown-56793"><div class="position-relative inline">Cost Optimization<span class="gradient-border"></span></div></a></li>
	</ul>
</li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55228" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4"><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Environments<span></span></span></div>
	<ul aria-labelledby="menu-item-dropdown-56793" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57499" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/solutions/container-and-kubernetes-security/" id="menu-item-dropdown-57499"><div class="position-relative inline">Kubernetes &#038; Containers<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57552" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/ecosystem/serverless/" id="menu-item-dropdown-57552"><div class="position-relative inline">Serverless<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57450" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/ecosystem/aws/" id="menu-item-dropdown-57450"><div class="position-relative inline">Amazon Web Services<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57573" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/ecosystem/google-cloud/" id="menu-item-dropdown-57573"><div class="position-relative inline">Google Cloud<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57582" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/ecosystem/microsoft-azure/" id="menu-item-dropdown-57582"><div class="position-relative inline">Microsoft Azure<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57606" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/ecosystem/ibm/" id="menu-item-dropdown-57606"><div class="position-relative inline">IBM Cloud<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-58592" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://sysdig.com/ecosystem/" id="menu-item-dropdown-58592"><div class="position-relative inline">View All<span class="gradient-border"></span></div></a></li>
	</ul>
</li>
</ul>
</li>
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55199" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item dropdown"><a id="menu-item-dropdown-55199" class="nav-link flex items-center dropdown-toggle" role="button" data-toggle="dropdown" aria-expanded="false">Open Source<span></span></a>
<ul class="dropdown-menu flex-col lg:flex-row flex-nowrap px-5 pt-2 pb-6 lg:px-7 lg:pt-12 lg:pb-8" aria-labelledby="menu-item-dropdown-55199" role="menu">
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="mobile-back d-flex d-lg-none pb-4"><a href="#" class="d-flex items-center">Back to main menu</a></li>	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55240" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4  no-header "><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Open Source &#8211; 1st Column Header &#8211; HIdden<span></span></span></div>
	<ul aria-labelledby="menu-item-55240" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-73810" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/opensource/" id="menu-item-dropdown-73810"><div class="position-relative inline">Sysdig and Open Source<span class="gradient-border"></span></div></a></li>
	</ul>
</li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55242" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4"><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Projects<span></span></span></div>
	<ul aria-labelledby="menu-item-dropdown-73810" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-56796" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/opensource/falco/" id="menu-item-dropdown-56796"><div class="position-relative inline">Falco<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57640" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/opensource/open-policy-agent/" id="menu-item-dropdown-57640"><div class="position-relative inline">Open Policy Agent<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57641" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/opensource/sysdig-open-source/" id="menu-item-dropdown-57641"><div class="position-relative inline">Sysdig Open Source<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57642" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/opensource/prometheus/" id="menu-item-dropdown-57642"><div class="position-relative inline">Prometheus<span class="gradient-border"></span></div></a></li>
	</ul>
</li>
</ul>
</li>
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55200" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item dropdown"><a id="menu-item-dropdown-55200" class="nav-link flex items-center dropdown-toggle" role="button" data-toggle="dropdown" aria-expanded="false">Why Sysdig<span></span></a>
<ul class="dropdown-menu flex-col lg:flex-row flex-nowrap px-5 pt-2 pb-6 lg:px-7 lg:pt-12 lg:pb-8" aria-labelledby="menu-item-dropdown-55200" role="menu">
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="mobile-back d-flex d-lg-none pb-4"><a href="#" class="d-flex items-center">Back to main menu</a></li>	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-74345" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4"><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Why Sysdig<span></span></span></div>
	<ul aria-labelledby="menu-item-74345" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-74336" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/why-runtime-insights/" id="menu-item-dropdown-74336"><div class="position-relative inline">Why Runtime Insights<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-74337" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/customers/" id="menu-item-dropdown-74337"><div class="position-relative inline">Our Customers<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-74338" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/about/" id="menu-item-dropdown-74338"><div class="position-relative inline">About Us<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-74339" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/threat-research/" id="menu-item-dropdown-74339"><div class="position-relative inline">Threat Research<span class="gradient-border"></span></div></a></li>
	</ul>
</li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-74340" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4"><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Compare Sysdig<span></span></span></div>
	<ul aria-labelledby="menu-item-dropdown-74339" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-74341" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/vs/crowdstrike/" id="menu-item-dropdown-74341"><div class="position-relative inline">Crowdstrike<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-74342" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/vs/lacework/" id="menu-item-dropdown-74342"><div class="position-relative inline">Lacework<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-74343" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/vs/prismacloud/" id="menu-item-dropdown-74343"><div class="position-relative inline">Prisma Cloud<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-74344" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/vs/wiz/" id="menu-item-dropdown-74344"><div class="position-relative inline">Wiz<span class="gradient-border"></span></div></a></li>
	</ul>
</li>
</ul>
</li>
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55201" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item dropdown"><a id="menu-item-dropdown-55201" class="nav-link flex items-center dropdown-toggle" role="button" data-toggle="dropdown" aria-expanded="false">Resources<span></span></a>
<ul class="dropdown-menu flex-col lg:flex-row flex-nowrap px-5 pt-2 pb-6 lg:px-7 lg:pt-12 lg:pb-8" aria-labelledby="menu-item-dropdown-55201" role="menu">
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="mobile-back d-flex d-lg-none pb-4"><a href="#" class="d-flex items-center">Back to main menu</a></li>	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55247" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4  no-header "><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Resources &#8211; 1st Column Header &#8211; Hidden<span></span></span></div>
	<ul aria-labelledby="menu-item-55247" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55248" class="menu-item menu-item-type-post_type menu-item-object-page nav-item pb-4"><a class="nav-link depth-2" href="https://sysdig.com/blog/" id="menu-item-dropdown-55248"><div class="position-relative inline">Blog<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55249" class="menu-item menu-item-type-post_type menu-item-object-page nav-item pb-4"><a class="nav-link depth-2" href="https://sysdig.com/threat-research/" id="menu-item-dropdown-55249"><div class="position-relative inline">Threat Research<span class="gradient-border"></span></div></a></li>
	</ul>
</li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55250" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4"><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Education<span></span></span></div>
	<ul aria-labelledby="menu-item-dropdown-55249" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55251" class="menu-item menu-item-type-post_type menu-item-object-page nav-item pb-4"><a class="nav-link depth-2" href="https://sysdig.com/content-library/" id="menu-item-dropdown-55251"><div class="position-relative inline">Content Library<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-63696" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/content-library/webinars/" id="menu-item-dropdown-63696"><div class="position-relative inline">Events &#038; Webinars<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55253" class="menu-item menu-item-type-post_type menu-item-object-page nav-item pb-4"><a class="nav-link depth-2" href="https://sysdig.com/learn-cloud-native/" id="menu-item-dropdown-55253"><div class="position-relative inline">Learn Cloud Native<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57650" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://learn.sysdig.com/" id="menu-item-dropdown-57650" target="_blank"><div class="position-relative inline">Training Portal<span class="gradient-border"></span></div></a></li>
	</ul>
</li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55255" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4"><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Topics<span></span></span></div>
	<ul aria-labelledby="menu-item-dropdown-57650" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57644" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/topic/kubernetes-container-security/" id="menu-item-dropdown-57644"><div class="position-relative inline">Container Security<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57643" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/topic/cloud-security/" id="menu-item-dropdown-57643"><div class="position-relative inline">Cloud Security<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57646" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/topic/monitoring/" id="menu-item-dropdown-57646"><div class="position-relative inline">Monitoring<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57645" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/topic/compliance/" id="menu-item-dropdown-57645"><div class="position-relative inline">Compliance<span class="gradient-border"></span></div></a></li>
	</ul>
</li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55260" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4"><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Support<span></span></span></div>
	<ul aria-labelledby="menu-item-dropdown-57645" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55261" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/support/" id="menu-item-dropdown-55261"><div class="position-relative inline">Support<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57651" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://kb.sysdig.com/" id="menu-item-dropdown-57651" target="_blank"><div class="position-relative inline">Knowledgebase<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57652" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://docs.sysdig.com/" id="menu-item-dropdown-57652" target="_blank"><div class="position-relative inline">Documentation<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57653" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://sysdig.force.com/support/s/web-to-case/" id="menu-item-dropdown-57653" target="_blank"><div class="position-relative inline">Submit a Ticket<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57654" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="/company/sysdig-status/" id="menu-item-dropdown-57654"><div class="position-relative inline">Sysdig Status<span class="gradient-border"></span></div></a></li>
	</ul>
</li>
</ul>
</li>
</ul><ul id="menu-main-navigation-side" class="navbar-nav items-start lg:items-center"><li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55171" class="menu-item menu-item-type-custom menu-item-object-custom nav-item dropdown is_search ml-auto"><a id="menu-item-dropdown-55171" class="nav-link flex items-center dropdown-toggle border_right " role="button" data-toggle="dropdown" aria-expanded="false"><img width="16" height="17" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%2016%2017'%3E%3C/svg%3E" data-lazy-src="https://sysdig.com/wp-content/themes/sysdig/assets/images/search.svg" /><noscript><img width="16" height="17" src="https://sysdig.com/wp-content/themes/sysdig/assets/images/search.svg" /></noscript> <div class="d-flex d-lg-none ml-1">Search</div><span></span></a><ul class="dropdown-menu c-v4-dropdown-search flex-row flex-wrap items-start px-5 pt-2 pb-6 lg:p-12" aria-labelledby="menu-item-dropdown-49968" role="menu"">
        <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="mobile-back d-flex d-lg-none pb-4"><a href="#" class="d-flex items-center">Back to main menu</a></li>
        <li class="c-v4-dropdown-search--wrapper mt-4 lg:mt-0 p-0">

<form role="search" method="get" class="c-search-form" action="https://sysdig.com/">
	<label class="c-search-form__label ">
		<span class="before"></span>
		<span class="screen-reader-text">Search for:</span>
		<input type="text" class="c-search-form__field" placeholder="Search" value="" name="s" />
		<span class="after"></span>
	</label>
	<button type="submit" class="c-search-form__button button bg-yellow" ><span>Search</span></button>
</form></li>
        <li class="c-v4-dropdown-search--results pt-4 px-0 lg:pt-8 lg:px-12">
          <div class="c-v4-dropdown-search--results-header u-text-xs pb-5">Best Match</div>
          <div class="c-v4-dropdown-search--results-body pb-5"></div><a class="text-link search-link" href="#" target="">View all search results<span></span></a>
        </li>
      </ul></li>
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55172" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item dropdown"><a id="menu-item-dropdown-55172" class="nav-link flex items-center dropdown-toggle border_right " role="button" data-toggle="dropdown" aria-expanded="false">Log In<span></span></a>
<ul class="dropdown-menu flex-col lg:flex-row flex-nowrap px-5 pt-2 pb-6 lg:px-7 lg:pt-12 lg:pb-8" aria-labelledby="menu-item-dropdown-55172" role="menu">
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="mobile-back d-flex d-lg-none pb-4"><a href="#" class="d-flex items-center">Back to main menu</a></li>	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55173" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4"><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Monitor<span></span></span></div>
	<ul aria-labelledby="menu-item-55173" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57656" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://app.sysdigcloud.com/#/login" id="menu-item-dropdown-57656" target="_blank"><div class="position-relative inline">US-East<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57657" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://us2.app.sysdig.com/#/login" id="menu-item-dropdown-57657"><div class="position-relative inline">US-West<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57658" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://eu1.app.sysdig.com/#/login" id="menu-item-dropdown-57658"><div class="position-relative inline">EU-Central<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57659" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://app.au1.sysdig.com/#/login" id="menu-item-dropdown-57659"><div class="position-relative inline">AWS-AP-Sydney<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57660" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://app.us4.sysdig.com/#/login" id="menu-item-dropdown-57660"><div class="position-relative inline">GCP-US-West<span class="gradient-border"></span></div></a></li>
	</ul>
</li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55179" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4"><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Secure<span></span></span></div>
	<ul aria-labelledby="menu-item-dropdown-57660" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57661" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://secure.sysdig.com/#/login" id="menu-item-dropdown-57661" target="_blank"><div class="position-relative inline">US-East<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57662" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://us2.app.sysdig.com/secure/#/login" id="menu-item-dropdown-57662" target="_blank"><div class="position-relative inline">US-West<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57663" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://eu1.app.sysdig.com/secure/#/login" id="menu-item-dropdown-57663" target="_blank"><div class="position-relative inline">EU-Central<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57664" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://app.au1.sysdig.com/secure/#/login" id="menu-item-dropdown-57664" target="_blank"><div class="position-relative inline">AWS-AP-Sydney<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57665" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://app.us4.sysdig.com/secure/#/login" id="menu-item-dropdown-57665" target="_blank"><div class="position-relative inline">GCP-US-West<span class="gradient-border"></span></div></a></li>
	</ul>
</li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55185" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4  no-header "><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Log In &#8211; 3rd Column Header &#8211; HIdden<span></span></span></div>
	<ul aria-labelledby="menu-item-dropdown-57665" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-57666" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://cx.sysdig.com/" id="menu-item-dropdown-57666" target="_blank"><div class="position-relative inline">Support<span class="gradient-border"></span></div></a></li>
	</ul>
</li>
</ul>
</li>
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55187" class="is-language-dropdown menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item dropdown"><a id="menu-item-dropdown-55187" class="nav-link flex items-center dropdown-toggle" role="button" data-toggle="dropdown" aria-expanded="false"><img width="17" height="18" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%2017%2018'%3E%3C/svg%3E" data-lazy-src="https://sysdig.com/wp-content/themes/sysdig/assets/images/globe.svg" /><noscript><img width="17" height="18" src="https://sysdig.com/wp-content/themes/sysdig/assets/images/globe.svg" /></noscript> <div class="d-flex d-lg-none ml-1">Languages</div><span></span></a>
<ul class="dropdown-menu flex-col lg:flex-row flex-nowrap px-5 pt-2 pb-6 lg:px-7 lg:pt-12 lg:pb-8" aria-labelledby="menu-item-dropdown-55187" role="menu">
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="mobile-back d-flex d-lg-none pb-4"><a href="#" class="d-flex items-center">Back to main menu</a></li>	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55188" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item pb-0 lg:pb-4  no-header "><div class="nav-column-header flex items-center md:flex-wrap md:items-start pb-5" aria-expanded="false"><span>Language Header &#8211; Hidden<span></span></span></div>
	<ul aria-labelledby="menu-item-55188" role="menu">
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55194" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://de.sysdig.com/" id="menu-item-dropdown-55194"><div class="position-relative inline">Deutsch<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55189" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-home nav-item pb-4"><a class="nav-link depth-2" href="https://sysdig.com/" id="menu-item-dropdown-55189"><div class="position-relative inline">English<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55192" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://sysdig.es/" id="menu-item-dropdown-55192"><div class="position-relative inline">Español<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55190" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://fr.sysdig.com/" id="menu-item-dropdown-55190"><div class="position-relative inline">Français<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55191" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://it.sysdig.com/" id="menu-item-dropdown-55191"><div class="position-relative inline">Italiano<span class="gradient-border"></span></div></a></li>
		<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55193" class="menu-item menu-item-type-custom menu-item-object-custom nav-item pb-4"><a class="nav-link depth-2" href="https://sysdig.jp/" id="menu-item-dropdown-55193"><div class="position-relative inline">日本<span class="gradient-border"></span></div></a></li>
	</ul>
</li>
</ul>
</li>
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55195" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a id="menu-item-dropdown-55195" class="nav-link flex items-center  button   bg-yellow " href="/start-free/" target="_blank">Start Free<span></span></a></li>
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-55196" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a id="menu-item-dropdown-55196" class="nav-link flex items-center  text-link " href="/request-a-demo/" target="_blank">Get Demo<span></span><span></span></a></li>
</ul>                </div>

                    </nav>
    </div>
</div>

	<div id="content" class="site-content"><div id="primary" class="content-area"><main id="main" class="site-main">
			
	<div class="c-v4-m1-hero o-section pb-12 md:pb-4
    ">

		<div class="o-container container">
			<div class="row">

								<div class="c-v4-m1-hero--main col-12 col-md-7 col-lg-8 pb-8 md:pb-0">
					

					<h1>Cloud Defense in Depth: Lessons from the Kinsing Malware</h1>

					
											<div class="b-v4-block-container-author">
														By <a href="https://sysdig.com/blog/author/nigel-douglas/">Nigel Douglas</a> - JULY 4, 2023						</div>
					
					
					 

    <div class="flex items-center mb-6">
        <p class="font-medium text-sm mb-0 mr-0.5">SHARE:</p>

                    <a class="ml-2.5" style="max-width: 35px; max-height:35px;"
               href="https://www.facebook.com/sharer/sharer.php?u=https://sysdig.com/blog/cloud-defense-in-depth/" target="_blank">
                <img width="72" height="72" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%2072%2072'%3E%3C/svg%3E" class="w-full h-full" alt="" decoding="async" data-lazy-src="https://sysdig.com/wp-content/uploads/facebook-3-logo-1-1.png" /><noscript><img width="72" height="72" src="https://sysdig.com/wp-content/uploads/facebook-3-logo-1-1.png" class="w-full h-full" alt="" decoding="async" /></noscript>            </a>
                    <a class="ml-2.5" style="max-width: 35px; max-height:35px;"
               href="https://www.linkedin.com/shareArticle?mini=true&amp;url=https://sysdig.com/blog/cloud-defense-in-depth/" target="_blank">
                <img width="72" height="72" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%2072%2072'%3E%3C/svg%3E" class="w-full h-full" alt="" decoding="async" data-lazy-src="https://sysdig.com/wp-content/uploads/Vector-1-2.png" /><noscript><img width="72" height="72" src="https://sysdig.com/wp-content/uploads/Vector-1-2.png" class="w-full h-full" alt="" decoding="async" /></noscript>            </a>
                    <a class="ml-2.5" style="max-width: 35px; max-height:35px;"
               href="https://twitter.com/intent/tweet?url=https://sysdig.com/blog/cloud-defense-in-depth/&amp;text=" target="_blank">
                <img width="72" height="72" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%2072%2072'%3E%3C/svg%3E" class="w-full h-full" alt="" decoding="async" data-lazy-src="https://sysdig.com/wp-content/uploads/twitter-3-logo-2.png" /><noscript><img width="72" height="72" src="https://sysdig.com/wp-content/uploads/twitter-3-logo-2.png" class="w-full h-full" alt="" decoding="async" /></noscript>            </a>
         

        
    </div><!-- b-v4-block-container-social-share -->

									</div>

				<div class="c-v4-m1-hero--lottie col-12 col-md-5 col-lg-4 d-flex">
					<div class="d-flex justify-center align-items-center w-100">
						<div class="b-v4-block-container-img md:mt-12">
							<img width="1200" height="660" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201200%20660'%3E%3C/svg%3E" class="attachment-full size-full" alt="Exploring Defense in Depth: Lessons Learned from the Kinsing Malware" decoding="async" data-lazy-srcset="https://sysdig.com/wp-content/uploads/Defense-in-Depth_1.png 1200w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_1-350x193.png 350w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_1-1170x644.png 1170w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_1-768x422.png 768w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_1-175x96.png 175w, / 1w" data-lazy-sizes="(max-width: 1200px) 100vw, 1200px" data-lazy-src="https://sysdig.com/wp-content/uploads/Defense-in-Depth_1.png" /><noscript><img width="1200" height="660" src="https://sysdig.com/wp-content/uploads/Defense-in-Depth_1.png" class="attachment-full size-full" alt="Exploring Defense in Depth: Lessons Learned from the Kinsing Malware" decoding="async" srcset="https://sysdig.com/wp-content/uploads/Defense-in-Depth_1.png 1200w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_1-350x193.png 350w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_1-1170x644.png 1170w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_1-768x422.png 768w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_1-175x96.png 175w, / 1w" sizes="(max-width: 1200px) 100vw, 1200px" /></noscript>						</div>
					</div>
				</div>

			</div>
		</div>
	</div>


	<div class="o-container container b-v4-block-container has-global-padding pb-12 md:pb-24">

	<div class="row justify-content-between">

						<style>
                    /* Use calculated var from announement bar script to calc top offset */
                    .c-nav-links {
                        top: calc(100px + var(--banner-height, 0px));
                    }

                    .admin-bar .c-nav-links {
                        top: calc(32px + 100px + var(--banner-height, 0px));
                    }
				</style>

				<div id="nav-links-desktop"
				     class="c-nav-links b-v4-block-container-anchors-wrapper c-toc__wrapper col-12 relative sticky bg-white mb-2 mt-0">
					<div id="nav-links-desktop-content"
					     class="b-v4-block-container-anchors collapse show col-12 col-md-11">
						<p>content:</p>
													<a href="#what"
							   class="b-v4-block-container-anchors-links">What is Defense in Depth and Why Should it be in Every Cloud Security Plan?</a>
													<a href="#how"
							   class="b-v4-block-container-anchors-links">How an attacker moves from a Database to Cloud:</a>
													<a href="#conclusion"
							   class="b-v4-block-container-anchors-links">Conclusion</a>
											</div>

					<div class="b-v4-block-container-anchors-wrapper-heading flex justify-end items-center">
						<button type="button"
						        class="button-toggle p-0"
						        data-toggle="collapse"
						        data-target="#nav-links-desktop-content"
						        aria-expanded="true"
						        aria-controls="nav-links-desktop-content">
							<span class="open">Show Table of Contents +</span>
							<span class="close">Hide &minus;</span>
						</button>
					</div>
				</div>

				<div class="b-v4-block-container-anchors--mobile">
					<div class="b-v4-block-container-anchors--mobile-holder" data-more-mobile-dropdown>
						<p class="b-v4-block-container-anchors--mobile-title">Content</p>
						<div class="b-v4-block-container-anchors--mobile-image" data-more-mobile-dropdown></div>
					</div>

											<div class="b-v4-block-container-anchors--mobile-link" data-more-mobile-dropdown>
							<a class="text-link " href="#what" target="">What is Defense in Depth and Why Should it be in Every Cloud Security Plan?<span></span></a>						</div>
											<div class="b-v4-block-container-anchors--mobile-link" data-more-mobile-dropdown>
							<a class="text-link " href="#how" target="">How an attacker moves from a Database to Cloud:<span></span></a>						</div>
											<div class="b-v4-block-container-anchors--mobile-link" data-more-mobile-dropdown>
							<a class="text-link " href="#conclusion" target="">Conclusion<span></span></a>						</div>
									</div>
					
		
			<div class="col-12 col-lg-8 offset-lg-2">

				
				<div class="entry-content wp-block-post-content has-global-padding is-layout-constrained"><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>In the face of persistent data breaches and escalating cyber threats, organizations are compelled to prioritize cloud defense in depth. These measures are indispensable for protecting critical assets and upholding the integrity of cloud-based systems. By establishing a comprehensive security plan, organizations can effectively convey their commitment to security and lay a solid foundation for a resilient and secure cloud environment.</p>



<p>In this blog post, we will delve into the profound strength and versatility offered by open source, cloud-native tools, which play a pivotal role in mitigating the lateral movement of malware, like Kinsing, within Kubernetes. This form of malware poses a significant threat to databases operating in cloud environments. Although we focus on Kinsing as a recent attack pattern, the principles discussed here can be extended to other types of malware that target cloud-native applications.</p>



<h2 class="wp-block-heading" id="what">What is Cloud Defense in Depth and Why Should it be in Every Cloud Security Plan?</h2>



<p>To strengthen cloud security further, organizations must embrace the concept of defense-in-depth. Cloud defense in depth extends beyond the generic constraints of supply chain security and host/workload runtime security. It encompasses the proactive implementation of multiple layers of security controls throughout an organization&#8217;s cloud infrastructure.</p>



<p>The shift-left and shield-right methodologies have emerged as powerful practices that organizations can adopt to enhance cloud security. Shift-left emphasizes integrating security considerations early in the development process, enabling developers to identify and address vulnerabilities at their root. By incorporating security tools and practices such as static code analysis, vulnerability scanning, and secure coding guidelines, organizations can proactively eliminate potential risks before they propagate throughout the application.</p>



<p>On the other hand, Shield-Right focuses on implementing security controls and protections at runtime and in the operational phase of the application lifecycle. It ensures that robust security measures are in place to shield the application from attacks and malicious activities. Kubernetes, a popular container orchestration platform, plays a crucial role in the Shield-Right methodology. It enables organizations to secure their containerized applications by leveraging features such as Role-Based Access Controls (RBAC), Kubernetes Network Policies (KNP), and runtime monitoring through Falco.</p>



<h2 class="wp-block-heading" id="how">How an attacker moves from a Database to Cloud:</h2>



<p>Let&#8217;s discuss an attack scenario that justifies the need for end-to-end detections to secure cloud-native workloads. The incident involves the Kinsing malware, which exploits vulnerabilities in container images and when misconfigured, exposed PostgreSQL containers to breach Kubernetes clusters. Kinsing, a Linux malware with a history of targeting containerized environments for cryptomining, utilizes compromised server resources to generate illicit profits for the threat actors.</p>



<p>If you&#8217;re unfamiliar with Kinsing malware, we provide dedicated resources to help you understand these <a href="https://sysdig.com/blog/zoom-into-kinsing-kdevtmpfsi/">types of attacks</a>. The operators behind Kinsing are notorious for exploiting well-known vulnerabilities like Log4Shell.</p>



<p>Their objective is to gain initial access to Linux servers, regardless of whether they are operating on-premises or in the cloud, by exploiting the two standard options. The third point outlines potential techniques for lateral movement towards the cloud environment.</p>



<ol>
<li><strong>Mitigating risk for misconfigured PostgreSQL databases</strong> </li>
</ol>



<ul>
<li><a href="#use">Use known registries for container&rsquo;s images</a></li>
</ul>



<ul>
<li><a href="#harden">Harden the network access to the server</a></li>
</ul>



<ul>
<li><a href="#scan">Scan images for vulnerabilities</a></li>
</ul>



<ul>
<li><a href="#patch">Patch on time</a><p id="gdcalert2"></p><p id="gdcalert3"></p><p id="gdcalert4"></p></li>
</ul>



<p>2. <strong>Mitigating risk in vulnerable container images</strong></p>



<ul>
<li><a href="#remove">Remove trust authentication</a></li>
</ul>



<ul>
<li><a href="#network">Harden the network access to the database</a></li>
</ul>



<ul>
<li><a href="#default">Remove default users, and extensive permissions</a></li>
</ul>



<p>3. <strong>Mitigating lateral movements to the cloud</strong> </p>



<ul>
<li><a href="#detect">Detect attempts to access sensitive credentials in Kubernetes</a></li>
</ul>



<ul>
<li><a href="#extend">Extend detection capabilities to cloud services</a><p id="gdcalert9"></p></li>
</ul>



<figure class="wp-block-image aligncenter size-large"><a href="https://sysdig.com/wp-content/uploads/Defense-in-Depth_3.png"><img decoding="async" width="1170" height="439" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201170%20439'%3E%3C/svg%3E" alt="Cloud Defense in Depth: Lessons Learned from the Kinsing Malware" class="img-lightbox wp-image-75484 u-drop-shadow" title="image_tooltip" data-lazy-srcset="https://sysdig.com/wp-content/uploads/Defense-in-Depth_3-1170x439.png 1170w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_3-350x131.png 350w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_3-768x288.png 768w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_3-175x66.png 175w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_3.png 1200w, / 1w" data-lazy-sizes="(max-width: 1170px) 100vw, 1170px" data-lazy-src="https://sysdig.com/wp-content/uploads/Defense-in-Depth_3-1170x439.png"><noscript><img decoding="async" width="1170" height="439" src="https://sysdig.com/wp-content/uploads/Defense-in-Depth_3-1170x439.png" alt="Cloud Defense in Depth: Lessons Learned from the Kinsing Malware" class="img-lightbox wp-image-75484 u-drop-shadow" title="image_tooltip" srcset="https://sysdig.com/wp-content/uploads/Defense-in-Depth_3-1170x439.png 1170w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_3-350x131.png 350w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_3-768x288.png 768w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_3-175x66.png 175w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_3.png 1200w, / 1w" sizes="(max-width: 1170px) 100vw, 1170px"></noscript></a></figure>



<h3 class="wp-block-heading">Mitigating risk for misconfigured PostgreSQL databases</h3>



<p>When exploiting image vulnerabilities, the threat actors hunt for remote code execution flaws that enable them to push their payloads. As noted in the previous diagram, there are several mitigation strategies that could be applied, such as vulnerability scanning for potentially vulnerable images, as well as hardening your network security &ndash; each of which we will discuss in the context of open source, cloud-native technologies.</p>



<h4 class="wp-block-heading" id="use">Use known registries for container&rsquo;s images</h4>



<p>Using known registries for container images is crucial to avoid database compromise because it helps ensure the integrity and security of the images used in your environment. When pulling container images from trusted and reputable registries, you can have more confidence in the authenticity and quality of the images.</p>



<p>Known registries often have established security measures in place, such as image scanning, vulnerability detection, and access controls, which help mitigate the risk of deploying compromised or malicious images. By leveraging open source tools like Trivy, you can enforce the use of known registries and perform image scanning to identify vulnerabilities and security issues.</p>



<p>In the below example, it can scan a Docker image and enforce known registries:</p>


<pre class="wp-block-code" aria-describedby="shcb-language-1" data-shcb-language-name="Perl" data-shcb-language-slug="perl"><link data-minify="1" rel="stylesheet" id="syntax-highlighting-code-block-css" href="https://sysdig.com/wp-content/cache/min/1/wp-content/plugins/syntax-highlighting-code-block/vendor/scrivo/highlight-php/styles/default.css?ver=1688759047" type="text/css" media="all"><style>.wp-block-code {
	border: 0;
	padding: 0;
	-webkit-text-size-adjust: 100%;
	text-size-adjust: 100%;
}

.wp-block-code > span {
	display: block;
	overflow: auto;
}

.shcb-language {
	border: 0;
	clip: rect(1px, 1px, 1px, 1px);
	-webkit-clip-path: inset(50%);
	clip-path: inset(50%);
	height: 1px;
	margin: -1px;
	overflow: hidden;
	padding: 0;
	position: absolute;
	width: 1px;
	word-wrap: normal;
	word-break: normal;
}

.hljs {
	box-sizing: border-box;
}

.hljs.shcb-code-table {
	display: table;
	width: 100%;
}

.hljs.shcb-code-table > .shcb-loc {
	color: inherit;
	display: table-row;
	width: 100%;
}

.hljs.shcb-code-table .shcb-loc > span {
	display: table-cell;
}

.wp-block-code code.hljs:not(.shcb-wrap-lines) {
	white-space: pre;
}

.wp-block-code code.hljs.shcb-wrap-lines {
	white-space: pre-wrap;
}

.hljs.shcb-line-numbers {
	border-spacing: 0;
	counter-reset: line;
}

.hljs.shcb-line-numbers > .shcb-loc {
	counter-increment: line;
}

.hljs.shcb-line-numbers .shcb-loc > span {
	padding-left: 0.75em;
}

.hljs.shcb-line-numbers .shcb-loc::before {
	border-right: 1px solid #ddd;
	content: counter(line);
	display: table-cell;
	padding: 0 0.75em;
	text-align: right;
	-webkit-user-select: none;
	-moz-user-select: none;
	-ms-user-select: none;
	user-select: none;
	white-space: nowrap;
	width: 1%;
}
</style><span><code class="hljs language-perl shcb-wrap-lines">trivy image --only-fixed-versions --clear-cache --<span class="hljs-keyword">exit</span>-code <span class="hljs-number">1</span> docker.io/postgresql:latest
</code></span><small class="shcb-language" id="shcb-language-1"><span class="shcb-language__label">Code language:</span> <span class="shcb-language__name">Perl</span> <span class="shcb-language__paren">(</span><span class="shcb-language__slug">perl</span><span class="shcb-language__paren">)</span></small></pre>


<p>Alternatively, tools like Docker Content Trust (DCT) provide image signing and verification mechanisms to ensure the integrity and authenticity of container images. You can set up a policy to enforce the use of signed images from known registries. This can be achieved by creating a notary configuration file (notary-config.json) with the list of trusted repositories and their associated keys.</p>


<pre class="wp-block-code" aria-describedby="shcb-language-2" data-shcb-language-name="Perl" data-shcb-language-slug="perl"><span><code class="hljs language-perl shcb-wrap-lines">{
  <span class="hljs-string">"trust_dir"</span>: <span class="hljs-string">"~/.docker/trust"</span>,
  <span class="hljs-string">"remote_server"</span>: {
    <span class="hljs-string">"url"</span>: <span class="hljs-string">"https://notary.example.com"</span>,
    <span class="hljs-string">"root_ca"</span>: <span class="hljs-string">"/path/to/root-ca.crt"</span>
  },
  <span class="hljs-string">"repositories"</span>: {
    <span class="hljs-string">"docker.io/library"</span>: {
      <span class="hljs-string">"default"</span>: {
        <span class="hljs-string">"signing_keys"</span>: [
          {
            <span class="hljs-string">"key_id"</span>: <span class="hljs-string">"&lt;your-key-id&gt;"</span>,
            <span class="hljs-string">"key_path"</span>: <span class="hljs-string">"~/.docker/trust/private/&lt;keyname&gt;.key"</span>
          }
        ]
...
</code></span><small class="shcb-language" id="shcb-language-2"><span class="shcb-language__label">Code language:</span> <span class="shcb-language__name">Perl</span> <span class="shcb-language__paren">(</span><span class="shcb-language__slug">perl</span><span class="shcb-language__paren">)</span></small></pre>


<h4 class="wp-block-heading" id="harden">Harden network access to the server</h4>



<p>Assuming your organization has failed to identify the misconfigured database server, or assuming the database is not patched in time before being pushed into a production environment that does not enforce &ldquo;least privilege&rdquo; networking controls, it&rsquo;s important to be able to detect the payload deployment from a running database workload.</p>


<pre class="wp-block-code" aria-describedby="shcb-language-3" data-shcb-language-name="Perl" data-shcb-language-slug="perl"><span><code class="hljs language-perl shcb-wrap-lines">- rule: DB program spawned process
  desc: &gt;
    a database-server related program spawned a new process other than itself.
    This shouldn\<span class="hljs-string">'t occur and is a follow on from some SQL injection attacks.
  condition: &gt;
    proc.pname in (db_server_binaries)
    and spawned_process
    and not proc.name in (db_server_binaries)
    and not postgres_running_wal_e
    and not user_known_db_spawned_processes
  output: &gt;
    Database-related program spawned process other than itself (user=%user.name user_loginuid=%user.loginuid
    program=%proc.cmdline pid=%proc.pid parent=%proc.pname container_id=%container.id image=%container.image.repository)
  priority: NOTICE
  tags: [host, container, process, database, mitre_execution, T1190]
</span></code></span><small class="shcb-language" id="shcb-language-3"><span class="shcb-language__label">Code language:</span> <span class="shcb-language__name">Perl</span> <span class="shcb-language__paren">(</span><span class="shcb-language__slug">perl</span><span class="shcb-language__paren">)</span></small></pre>


<p>The provided Falco detection rule reveals that we can identify instances where the compromised PostgreSQL database spawns a process other than itself. This is a clear indication of compromise associated with the Kinsing malware or potential SQL injection attacks on databases.</p>



<h4 class="wp-block-heading" id="scan">Scan images for vulnerabilities</h4>



<p>Scanning images for vulnerabilities in the CI/CD pipeline and ensuring their origin from known registries are two crucial practices that should not be overlooked. However, one often neglected aspect is the runtime scanning of in-use containers to identify vulnerabilities.</p>



<p>To assess the vulnerability status of your PostgreSQL database, the open source tool Anchore Engine is highly recommended. Anchore Engine offers extensive image scanning capabilities and vulnerability analysis specifically designed for containers during runtime, providing valuable insights into the security posture of your PostgreSQL database.</p>



<p>Pull the container image you want to scan using Docker:<br><code>docker pull postgresql:latest</code></p>



<p><br>You can then scan the pulled image using Anchore Engine. The &#8216;<strong>add</strong>&#8216; action is used to add a container image to Anchore Engine for analysis. On the other hand, the &#8216;<strong>wait</strong>&#8216; action quite literally waits for the analysis of a specific image to complete. Finally, the &#8216;<strong>content</strong>&#8216; command retrieves the detailed information about the content of an image.</p>


<pre class="wp-block-code" aria-describedby="shcb-language-4" data-shcb-language-name="Perl" data-shcb-language-slug="perl"><span><code class="hljs language-perl shcb-wrap-lines">docker run -e ANCHORE_CLI_URL=http:<span class="hljs-regexp">//</span>&lt;anchore-engine-host&gt;:<span class="hljs-number">8228</span>/v1 --rm anchore/anchore-cli image add postgresql:latest
docker run -e ANCHORE_CLI_URL=http:<span class="hljs-regexp">//</span>&lt;anchore-engine-host&gt;:<span class="hljs-number">8228</span>/v1 --rm anchore/anchore-cli image <span class="hljs-keyword">wait</span> postgresql:latest
docker run -e ANCHORE_CLI_URL=http:<span class="hljs-regexp">//</span>&lt;anchore-engine-host&gt;:<span class="hljs-number">8228</span>/v1 --rm anchore/anchore-cli image content postgresql:latest
</code></span><small class="shcb-language" id="shcb-language-4"><span class="shcb-language__label">Code language:</span> <span class="shcb-language__name">Perl</span> <span class="shcb-language__paren">(</span><span class="shcb-language__slug">perl</span><span class="shcb-language__paren">)</span></small></pre>


<p>Of course, you&rsquo;ll need to replace <code>&lt;anchore-engine-host&gt;</code> with the hostname or IP address of your Anchore Engine instance. Once you have done this, Anchore Engine will analyze the image and provide a detailed vulnerability report, including information about any vulnerabilities found in the image&#8217;s packages and dependencies. This confirms if your running containerized database can be compromised by the Kinsing malware.</p>



<h4 class="wp-block-heading" id="patch">Patch on time</h4>



<p>Having a robust patch management strategy for databases in Kubernetes remains crucial despite the rollout process for containers. While containers provide isolation and encapsulation, vulnerabilities can still exist within container images, including the database software. Therefore, it&rsquo;s vital to regularly update and patch the databases to address security vulnerabilities and stay protected against potential exploits.</p>



<p>However, due to the dynamic and automated nature of container deployment in Kubernetes, relying solely on manual patching may not be sufficient. This is where a tool like Gatekeeper comes into play. By leveraging Gatekeeper, you can enforce policies that reject containers with failed Common Vulnerabilities and Exposures (CVE) scores, ensuring that only containers with acceptable security levels are deployed.</p>



<p>This proactive approach complements the patch management strategy, providing an additional layer of defense against potential security risks in containerized databases. To reject known CVEs at runtime using OPA Gatekeeper, you can define policies that check for specific vulnerabilities and enforce restrictions on the deployment of resources that have those vulnerabilities. These policies can be written using the Rego language, which is the policy language used by OPA.</p>


<pre class="wp-block-code" aria-describedby="shcb-language-5" data-shcb-language-name="Perl" data-shcb-language-slug="perl"><span><code class="hljs language-perl shcb-wrap-lines"><span class="hljs-keyword">package</span> kubernetes.cve_rejection
deny[msg] {
  input.kind == <span class="hljs-string">"Deployment"</span>
  input.apiVersion == <span class="hljs-string">"apps/v1"</span>
  input.metadata.labels.app == <span class="hljs-string">"postgresql"</span>
  input.spec.template.spec.containers[<span class="hljs-number">_</span>].image == <span class="hljs-string">"vulnerable-image:latest"</span>  
  msg = <span class="hljs-string">"Deployment of my-app with vulnerable image is not allowed."</span>
}
</code></span><small class="shcb-language" id="shcb-language-5"><span class="shcb-language__label">Code language:</span> <span class="shcb-language__name">Perl</span> <span class="shcb-language__paren">(</span><span class="shcb-language__slug">perl</span><span class="shcb-language__paren">)</span></small></pre>


<p>In this example, the policy checks if a deployment resource with the label<code> <strong>app: postgresql</strong></code> that is using the image <code><strong>vulnerable-image:latest</strong> </code>is being created. If such a deployment is detected, the policy triggers and rejects it with a corresponding error message.</p>



<p>Gatekeeper creates a ConstraintTemplate manifest that defines the policy and can be used to create Constraints that are applied to specific resources. By utilizing OPA Gatekeeper in this manner, you can enforce runtime rejection of known CVEs by defining and applying custom policies that match your specific vulnerability criteria.</p>



<h3 class="wp-block-heading">Preventing Exploitation of Container Images</h3>



<p>To prevent exploitation of container images, it is essential to implement key security measures. These include removing trust authentication, securing network access, removing default users, and enforcing tight RBAC controls. By taking these steps, you can enhance the security of your containerized databases and reduce the risk of unauthorized access and potential breaches.</p>



<h4 class="wp-block-heading" id="remove">Remove trust authentication</h4>



<p>One of the most common misconfigurations the attackers leverage is the &lsquo;trust authentication&rsquo; setting, which instructs PostgreSQL to assume that &ldquo;anyone who can connect to the server is authorized to access the database.&rdquo; Where possible, it&rsquo;s strongly recommended to disable this setting.</p>



<p>An open source tool that can help enforce authentication settings and security policies in PostgreSQL is <a href="https://github.com/pgaudit/pgaudit">pgAudit</a>. This tool provides detailed logging and monitoring capabilities for PostgreSQL, including the ability to log and analyze authentication attempts and database activity.</p>



<p>By configuring pgAudit, you can gain insights into authentication patterns and identify any unauthorized access attempts. However, Falco works to detect suspicious process activity from the Postgres database. By working together, they address the authentication behavior and the process behavior.</p>



<h4 class="wp-block-heading" id="network">Harden the network access to the database</h4>



<p>Another mistake is assigning an IP address range that is far too wide, including any IP address the attacker may be using to give them access to the server. This means that Kubernetes Network Policies, and network visibility in general, are heavily required for both the vulnerable image and the misconfigured PostgreSQL database.</p>



<p>Attacks start with scanning of a wide range of IP addresses, looking for an open port that matches the default port of specific, popular web applications like WordPress. The general best practice in these cases would be to minimize access to exposed containers by using IP allow lists and following least privilege principles.</p>



<p>By default, all pods within a Kubernetes cluster can communicate with each other without any restrictions. Kubernetes Network Policies help you isolate the microservice applications from each other to limit the blast radius and improve the overall security posture.</p>



<p>Thankfully, Kubernetes Network Policies allow users to generate &ldquo;<a href="https://sysdig.com/blog/cspm-least-privilege-principle/">least-privilege</a>&rdquo; policies to protect your workloads. You need to understand what port and IP traffic you wish to allow for your PostgreSQL workload. That way, we only allow what we are expecting, regardless of whether the workload is compromised or not.</p>


<pre class="wp-block-code" aria-describedby="shcb-language-6" data-shcb-language-name="Perl" data-shcb-language-slug="perl"><span><code class="hljs language-perl shcb-wrap-lines">apiVersion: projectcalico.org/v3
kind: NetworkPolicy
Metadata:
  name: postgresql-policy
Spec:
  Selector:
    matchLabels:
      app: postgresql
  Ingress:
    - action: Allow
      protocol: tcp
      Source:
        selector: app=app1
      Destination:
        Ports:
          - <span class="hljs-number">5432</span>
  Egress:
    - action: Allow
      protocol: tcp
      Destination:
        selector: app=frontend
      Source:
        Ports:
          - <span class="hljs-number">5432</span>
</code></span><small class="shcb-language" id="shcb-language-6"><span class="shcb-language__label">Code language:</span> <span class="shcb-language__name">Perl</span> <span class="shcb-language__paren">(</span><span class="shcb-language__slug">perl</span><span class="shcb-language__paren">)</span></small></pre>


<p><br>The above policy targets pods labeled with app: postgresql. The policy only allows ingress (incoming) traffic on port 5432 (the default port for PostgreSQL) from pods labeled with app: frontend. It also allows egress (outgoing) traffic to pods labeled with app: frontend on port 5432.</p>



<p>This network policy also assumes that you have already deployed and labeled your PostgreSQL and frontend pods accordingly. You will need to adjust the policy based on your deployment configuration.</p>



<figure class="wp-block-image aligncenter size-large"><a href="https://sysdig.com/wp-content/uploads/Defense-in-Depth_2.png"><img decoding="async" width="1170" height="563" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201170%20563'%3E%3C/svg%3E" alt="Cloud Defense in Depth: Lessons Learned from the Kinsing Malware" class="img-lightbox wp-image-75483 u-drop-shadow" title="image_tooltip" data-lazy-srcset="https://sysdig.com/wp-content/uploads/Defense-in-Depth_2-1170x563.png 1170w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_2-350x168.png 350w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_2-768x369.png 768w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_2-1536x738.png 1536w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_2-175x84.png 175w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_2.png 1822w, / 1w" data-lazy-sizes="(max-width: 1170px) 100vw, 1170px" data-lazy-src="https://sysdig.com/wp-content/uploads/Defense-in-Depth_2-1170x563.png"><noscript><img decoding="async" width="1170" height="563" src="https://sysdig.com/wp-content/uploads/Defense-in-Depth_2-1170x563.png" alt="Cloud Defense in Depth: Lessons Learned from the Kinsing Malware" class="img-lightbox wp-image-75483 u-drop-shadow" title="image_tooltip" srcset="https://sysdig.com/wp-content/uploads/Defense-in-Depth_2-1170x563.png 1170w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_2-350x168.png 350w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_2-768x369.png 768w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_2-1536x738.png 1536w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_2-175x84.png 175w, https://sysdig.com/wp-content/uploads/Defense-in-Depth_2.png 1822w, / 1w" sizes="(max-width: 1170px) 100vw, 1170px"></noscript></a></figure>



<p>Native Kubernetes Network Policies do not require any additional networking requirements other than the (Container Networking Interface) CNIs already supported. The example we provided was for <a href="https://docs.tigera.io/calico/latest/network-policy/get-started/calico-policy/calico-network-policy">Calico Network Policies</a>. You can use either Calico, Cilium, or the default Network Policy implementation to achieve this security goal.</p>



<p>A second &ldquo;Default-Deny&rdquo; policy is required to ensure all traffic that wasn&rsquo;t already allowed in the packet pipeline should be dropped. This is a global default deny rule for a cluster that excludes CoreDNS (UDP port 53) traffic from being blocked. If this is too broad, you can create a default-deny on a per network namespace-level.</p>


<pre class="wp-block-code" aria-describedby="shcb-language-7" data-shcb-language-name="Perl" data-shcb-language-slug="perl"><span><code class="hljs language-perl shcb-wrap-lines">apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
Metadata:
  name: deny-app-policy
Spec:
  namespaceSelector: has(projectcalico.org/name) &amp;&amp; projectcalico.org/name <span class="hljs-keyword">not</span> in {<span class="hljs-string">"kube-system"</span>}
  Types:
  - Ingress
  - Egress
  Egress:
  - action: Allow
    protocol: UDP
    Destination:
      selector: <span class="hljs-string">'k8s-app == "kube-dns"'</span>
      Ports:
      - <span class="hljs-number">53</span>
</code></span><small class="shcb-language" id="shcb-language-7"><span class="shcb-language__label">Code language:</span> <span class="shcb-language__name">Perl</span> <span class="shcb-language__paren">(</span><span class="shcb-language__slug">perl</span><span class="shcb-language__paren">)</span></small></pre>


<p>Network Policies certainly narrowed the blast radius of the attack, but they do not address the initial compromise. That&rsquo;s where we need a defense-in-depth strategy powered by deep intrusion detection capabilities with Falco. If a packet is being dropped, we need to know why. Is it a suspicious network connection? IPTables won&rsquo;t give us this kind of context on its own:</p>


<pre class="wp-block-code" aria-describedby="shcb-language-8" data-shcb-language-name="Perl" data-shcb-language-slug="perl"><span><code class="hljs language-perl shcb-wrap-lines">- rule: Outbound <span class="hljs-keyword">or</span> Inbound Traffic <span class="hljs-keyword">not</span> to Authorized Server Process <span class="hljs-keyword">and</span> Port
  desc: Detects traffic that is <span class="hljs-keyword">not</span> to an authorized server process <span class="hljs-keyword">and</span> port.
  condition: &gt;
    inbound_outbound <span class="hljs-keyword">and</span>
    container <span class="hljs-keyword">and</span>
    container.image.repository in (allowed_image) <span class="hljs-keyword">and</span>
    <span class="hljs-keyword">not</span> proc.name in (authorized_server_binary) <span class="hljs-keyword">and</span>
    <span class="hljs-keyword">not</span> fd.sport in (authorized_server_port)
  enabled: false
  output: &gt;
    Network connection outside authorized port <span class="hljs-keyword">and</span> binary
    (command=%proc.cmdline pid=%proc.pid connection=%fd.name user=%user.name user_loginuid=%user.loginuid container_id=%container.id
    image=%container.image.repository)
  priority: WARNING
  tags: [container, network, mitre_discovery, TA0011]
</code></span><small class="shcb-language" id="shcb-language-8"><span class="shcb-language__label">Code language:</span> <span class="shcb-language__name">Perl</span> <span class="shcb-language__paren">(</span><span class="shcb-language__slug">perl</span><span class="shcb-language__paren">)</span></small></pre>


<h4 class="wp-block-heading" id="default">Remove default users, and extensive permissions</h4>



<p>Default users play a crucial role in enhancing the security of a PostgreSQL database. It is important to eliminate default users to minimize the risk of unauthorized access or potential security breaches. Default users often have broad permissions and known credentials, making them attractive targets for attackers.</p>



<p>However, it is equally, if not more, important to enforce granular RBAC controls in Kubernetes to limit the blast radius. By implementing RBAC, you can assign specific roles and permissions to individual users or service accounts, ensuring they have only the necessary privileges required to perform their tasks.</p>



<p>Another open source tool that could help enforce these granular RBAC controls is the <a href="https://github.com/FairwindsOps/rbac-manager">Kubernetes RBAC Manager</a>. It allows you to define and manage RBAC policies declaratively using custom resources.</p>


<pre class="wp-block-code" aria-describedby="shcb-language-9" data-shcb-language-name="Perl" data-shcb-language-slug="perl"><span><code class="hljs language-perl shcb-wrap-lines">apiVersion: rbacmanager.reactiveops.io/v1beta1
kind: RBACDefinition
Metadata:
  name: database-access
Spec:
  Roles:
    - name: database-reader
      Rules:
        - apiGroups: [<span class="hljs-string">"postgres.databases.io"</span>]
          resources: [<span class="hljs-string">"database"</span>]
          verbs: [<span class="hljs-string">"get"</span>, <span class="hljs-string">"list"</span>]
    - name: database-writer
      Rules:
        - apiGroups: [<span class="hljs-string">"postgres.databases.io"</span>]
          resources: [<span class="hljs-string">"database"</span>]
          verbs: [<span class="hljs-string">"get"</span>, <span class="hljs-string">"list"</span>, <span class="hljs-string">"create"</span>, <span class="hljs-string">"update"</span>, <span class="hljs-string">"delete"</span>]
  roleBindings:
    - name: <span class="hljs-keyword">read</span>-access-binding
      Subjects:
        - kind: User
          name: nigel
      roleName: database-reader
    - name: <span class="hljs-keyword">write</span>-access-binding
      Subjects:
        - kind: User
          name: daniel
      roleName: database-writer
</code></span><small class="shcb-language" id="shcb-language-9"><span class="shcb-language__label">Code language:</span> <span class="shcb-language__name">Perl</span> <span class="shcb-language__paren">(</span><span class="shcb-language__slug">perl</span><span class="shcb-language__paren">)</span></small></pre>


<p>RBAC is defined to create two roles:</p>



<ul>
<li>database-reader with read-only access</li>



<li>database-writer with read and write access to the database resource</li>
</ul>



<p>The RoleBindings then associate the roles with specific users (Nigel and Daniel in this case). With Kubernetes RBAC Manager, you can ensure that only authorized users have the necessary permissions within Kubernetes, limiting the blast radius and maintaining a more secure environment.</p>



<p>By directly capturing system call events from the host in real-time, the Falco agent enables prompt alerting. If your PostgreSQL database has fallen victim to the Kinsing malware, it is important to note that this malware primarily targets Linux-based systems and Docker containers. Typically, the objective of the Kinsing malware is to do harm within Kubernetes &ndash; not to expand into the cloud.</p>



<p>However, if your Kubernetes environment has been compromised, how can you prevent adversaries from advancing from cloud-native workloads into the cloud? This becomes particularly relevant when your Kubernetes cluster is a managed service in the cloud, such as Elastic Kubernetes Service (EKS) on AWS. These considerations are integral to an end-to-end security plan, as it emphasizes the need to secure not only the image pipeline and container runtime, but also the cloud services hosting your cloud-native workloads.</p>



<h3 class="wp-block-heading">Preventing Lateral Movement to the Cloud</h3>



<p>It&rsquo;s worth noting that movement from a compromised PostgreSQL database to the cloud would involve leveraging additional techniques and exploiting vulnerabilities in the cloud infrastructure. Here&#8217;s a generalized scenario that an adversary could usually follow to gain access to the cloud account that hosts the Kubernetes clusters and PostgreSQL workload:</p>



<ol>
<li>The <strong>initial compromise</strong> has already been discussed. <br>The adversary has gained access to the PostgreSQL database through various means, such as exploiting vulnerabilities, weak passwords, or insecure configurations.</li>



<li>Now, the adversary needs to <strong>escalate privileges </strong>within the compromised database to gain broader access and control over the system. <br>This can involve exploiting privilege escalation vulnerabilities, but is usually achieved by leveraging weak database configurations.</li>



<li>Assuming they have successfully identified the weaknesses in the database configuration or exploited a known vulnerability, they can perform <strong>reconnaissance</strong> to gather information about the targeted cloud environment. <br>This includes identifying the cloud provider, understanding the network architecture, and mapping out potential entry points.</li>
</ol>



<p>Remember, they are doing all of this on the host server that is hosting the PostgreSQL DB. Falco is therefore able to detect instances where the attacker is trying to search for private keys or sensitive credentials on those systems.</p>



<h4 class="wp-block-heading" id="detect">Detect attempts to access sensitive credentials in Kubernetes</h4>



<p>In an attempt to steal private keys or passwords from a Kubernetes cluster, an adversary might utilize the grep command to search through various files, logs, or configuration data within the cluster. By leveraging regular expressions, they can identify patterns associated with private keys or passwords, extracting sensitive information that could grant them unauthorized access to the cluster&#8217;s resources and compromise the security of the entire environment.</p>


<pre class="wp-block-code" aria-describedby="shcb-language-10" data-shcb-language-name="Perl" data-shcb-language-slug="perl"><span><code class="hljs language-perl shcb-wrap-lines">- rule: Search Private Keys <span class="hljs-keyword">or</span> Passwords
  desc: Detects <span class="hljs-keyword">grep</span> private <span class="hljs-keyword">keys</span> <span class="hljs-keyword">or</span> passwords activity.
  condition: &gt;
    (spawned_process <span class="hljs-keyword">and</span>
     ((grep_commands <span class="hljs-keyword">and</span> private_key_or_password) <span class="hljs-keyword">or</span>
      (proc.name = <span class="hljs-string">"find"</span> <span class="hljs-keyword">and</span> (proc.args contains <span class="hljs-string">"id_rsa"</span> <span class="hljs-keyword">or</span> proc.args contains <span class="hljs-string">"id_dsa"</span>)))
    )
  output: &gt;
    Grep private <span class="hljs-keyword">keys</span> <span class="hljs-keyword">or</span> passwords activities found
    (user=%user.name user_loginuid=%user.loginuid command=%proc.cmdline pid=%proc.pid container_id=%container.id container_name=%container.name
    image=%container.image.repository:%container.image.tag)
  Priority: WARNING
  tags: [host, container, process, filesystem, mitre_credential_access, T1552.<span class="hljs-number">001</span>]
</code></span><small class="shcb-language" id="shcb-language-10"><span class="shcb-language__label">Code language:</span> <span class="shcb-language__name">Perl</span> <span class="shcb-language__paren">(</span><span class="shcb-language__slug">perl</span><span class="shcb-language__paren">)</span></small></pre>


<p>Assuming you don&rsquo;t have real-time detection capabilities for this sort of behavior, the adversary could exploit cloud infrastructure vulnerabilities undetected, such as weak access controls, exposed management interfaces, or unpatched software. Kinsing may attempt to exploit these weaknesses to gain unauthorized access to the cloud infrastructure. This further reinforces the need for real-time detections.</p>



<h4 class="wp-block-heading" id="extend">Extend detection capabilities to cloud services</h4>



<p>Extending detection capabilities to the cloud is essential to enhance overall security in Kubernetes environments. By correlating exfiltration attempts in Kubernetes with suspicious activities in the cloud, such as unauthorized deletion of S3 bucket encryption, organizations can gain a comprehensive view of potential security incidents and detect sophisticated attack patterns.</p>


<pre class="wp-block-code" aria-describedby="shcb-language-11" data-shcb-language-name="Perl" data-shcb-language-slug="perl"><span><code class="hljs language-perl shcb-wrap-lines">- rule: Delete Bucket Encryption
  desc: Detects the deletion of configurations used to encrypt bucket storage.
  Condition:
    ct.name=<span class="hljs-string">"DeleteBucketEncryption"</span> <span class="hljs-keyword">and</span> <span class="hljs-keyword">not</span> ct.error <span class="hljs-keyword">exists</span>
  Output:
    A encryption configuration <span class="hljs-keyword">for</span> a bucket has been deleted
    (requesting user=%ct.user,
     requesting IP=%ct.srcip,
     AWS region=%ct.region,
     bucket=%s3.bucket)
  priority: CRITICAL
  source: aws_cloudtrail</code></span><small class="shcb-language" id="shcb-language-11"><span class="shcb-language__label">Code language:</span> <span class="shcb-language__name">Perl</span> <span class="shcb-language__paren">(</span><span class="shcb-language__slug">perl</span><span class="shcb-language__paren">)</span></small></pre>


<p>By extending detection capabilities to the cloud, organizations can establish a holistic, cloud defense in depth security approach that covers both Kubernetes and cloud environments, ensuring a stronger defense against emerging threats and reducing the likelihood of data exfiltration and unauthorized access.</p>



<h2 class="wp-block-heading" id="conclusion">Conclusion</h2>



<p>To mitigate the risks associated with Kinsing malware attacks, organizations can adopt a comprehensive, open source approach that combines shift-left security practices and robust defensive measures. This involves implementing image scanning for vulnerabilities during the pipeline phase and continuously monitoring running containers for potential exploits.</p>



<p>It is crucial to acknowledge the potential for attacks originating in cloud-native, containerized workloads, such as PostgreSQL, to propagate within Kubernetes and potentially extend into the cloud. While attacker techniques may evolve over time, adhering to these best practices provides a solid foundation for maintaining a robust security plan.</p>



<p>By following these guidelines, organizations can have greater confidence in the effectiveness of their security measures. For further insights, the Sysdig webinar on the value of combining shift-left and shield-right methodologies can provide valuable information: <a href="https://go.sysdig.com/WebShiftCloudSecurityEMEA.html">https://go.sysdig.com/WebShiftCloudSecurityEMEA.html</a>.</p>
</body></html>
</div>			</div>

							<div class="col-12">
				<div class="wp-block-rb-pathfactory-concierge">
					<div id="pf-concierge"></div>
				</div>
			</div>
		
		    
	    <div class="col-12">
	    <div class="c-banner c-banner-form col-12 mt-10 py-12 px-5 md:py-8 md:px-14">
  <div class="row items-center">
    <div class="col-12 col-md-7 flex flex-column">
            <p class="h5 mb-6 md:mb-0">Subscribe and get the latest updates</p>
          </div>

    <div class="col-12 col-md-5 flex flex-col justify-start items-start md:flex-row md:justify-end md:items-center">
          <div class="u-spinner js-spinner__3811">
        <div class="u-spinner__cube1"></div>
        <div class="u-spinner__cube2"></div>
    </div>
    <form data-submit-button="Submit" data-formID="3811" data-formInstance="one" data-formTemplate="newsletter" style="display: none;" class="sysdig-form  columns-single" data-successType="success-message" data-recaptcha="false"></form>
    <div id="success-message" style="display: none;">
		<p class="font-family-karla c-heading">Thank You For Signing Up!</p>    </div>
    <div id="error-message" style="display: none;">
    <div class="col u-align-width-wide c-form-contact">
        <div class="js-success-message col-md-12 text-center">
            <p class="c-heading text-black text-center mb-6">This form failed to load.</p>
            <p class="c-subhead c-subhead--sans text-center text-bluish-grey mb-6">An ad blocking extension or strict tracking protection is preventing this form from loading. Please temporarily disable ad blocking or whitelist this site, use less restrictive tracking protection, or enable JavaScript to load this form. If you are unable to complete this form, please email us at <a href="/cdn-cgi/l/email-protection#e093818c8593a0939993848987ce838f8d"><span class="__cf_email__" data-cfemail="7003111c1503300309031419175e131f1d">[email&#160;protected]</span></a> and a sales rep will contact you.</p>
        </div>
    </div>
</div>    </div>
  </div>
</div>	    </div>
	</div>
</div>


</div><!-- #content -->

<footer id="site-footer">

    
        <div class="site-footer--top">
            <div class="o-container container">
                <div class="row">
                    <div class="col-12 pt-12 pb-8 md:py-24">
                        <ul id="menu-footer" class="navbar-nav grid grid-cols-2 md:grid-cols-5 gap-5"><li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item"><a>Products</a>
<ul class="sub-menu">
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="/products/secure/">Sysdig Secure</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="/products/monitor/">Sysdig Monitor</a></li>
</ul>
</li>
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item"><a>Partners</a>
<ul class="sub-menu">
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="/partners/">Sysdig Partners</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-post_type menu-item-object-page nav-item"><a href="https://sysdig.com/deal-registration/">Deal Registration</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-post_type menu-item-object-page nav-item"><a href="https://sysdig.com/partnerships-contact/">Partner Signup</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-post_type menu-item-object-page nav-item"><a href="https://sysdig.com/partner-locator/">Partner Locator</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-post_type menu-item-object-page nav-item"><a href="https://sysdig.com/integrations/">Integrations</a></li>
</ul>
</li>
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item"><a>Company</a>
<ul class="sub-menu">
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="/about/">About Us</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="/company/leadership/">Leadership</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="/careers/">Careers</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="/newsroom/">Newsroom</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="/contact-us/">Contact Us</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="/legal/">Legal</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="/sitemap/">Sitemap</a></li>
</ul>
</li>
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item"><a>Support</a>
<ul class="sub-menu">
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="https://kb.sysdig.com/" target="_blank">Knowledgebase</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="https://docs.sysdig.com/" target="_blank">Documentation</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="https://cx.sysdig.com/s/web-to-case/" target="_blank">Submit a Ticket</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="/company/sysdig-status/" target="_blank">Sysdig Status</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="/support/customer-success/">Customer Success</a></li>
</ul>
</li>
<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children nav-item"><a href="#"><img width="122" height="44" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20122%2044'%3E%3C/svg%3E" class="attachment-full size-full" alt="" decoding="async" data-lazy-src="https://sysdig.com/wp-content/uploads/logo-white.svg" /><noscript><img width="122" height="44" src="https://sysdig.com/wp-content/uploads/logo-white.svg" class="attachment-full size-full" alt="" decoding="async" /></noscript></a>
<ul class="sub-menu">
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="https://twitter.com/sysdig" target="_blank">Twitter</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="https://github.com/draios" target="_blank">Github</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="https://slack.sysdig.com/" target="_blank">Slack</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="https://www.youtube.com/sysdig" target="_blank">Youtube</a></li>
	<li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" class="menu-item menu-item-type-custom menu-item-object-custom nav-item"><a href="https://www.linkedin.com/company/sysdig/" target="_blank">LinkedIn</a></li>
</ul>
</li>
</ul>                    </div>
                </div>
            </div>
        </div>

    
    <div class="site-footer--bottom py-5">
        <div class="o-container container">
            <div class="row">
                <div class="col-12">
                    <div class="inline-flex pr-0 pb-4 md:pr-12 md:pb-0">&reg; Copyright 2023 Sysdig,
                        Inc. All Rights Reserved.
                    </div>
                    <ul id="menu-footer-bottom" class="navbar-nav inline-flex flex-row"><li id="menu-item-69053" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-69053"><a href="/legal/privacy-policy/">Privacy Policy</a></li>
<li id="menu-item-71915" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-71915"><a href="/legal/subprocessors/">Subprocessors</a></li>
<li id="menu-item-71917" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-71917"><a href="/legal/trust-center/">Trust Center</a></li>
</ul>                </div>
            </div>
        </div>
    </div>

</footer>

</div><!-- #page --><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script type='text/javascript' src='https://sysdig.com/wp-content/themes/sysdig/public/scripts/slick.min.js?ver=1.8.1' id='slick-js' defer></script>
<script type='text/javascript' src='https://sysdig.com/wp-content/themes/sysdig/assets/scripts/vendor/popper.min.js?ver=6.2.2' id='popper-js' defer></script>
<script type='text/javascript' src='https://sysdig.com/wp-content/themes/sysdig/assets/scripts/vendor/bootstrap.min.js?ver=4.0.0' id='sysdig-bootstrap-js' defer></script>
<script type='text/javascript' src='https://sysdig.com/wp-content/themes/sysdig/assets/scripts/vendor/ekko-lightbox.min.js?ver=20220602-1330' id='ekko-lightbox-js' defer></script>
<script type='text/javascript' src='https://www.youtube.com/iframe_api?ver=6.2.2' id='yt-iframe-api-js' defer></script>
<script type='text/javascript' id='v4-sysdig-main-js-extra'>
/* <![CDATA[ */
var sysdigLocalizedObject = {"ajaxUrl":"https:\/\/sysdig.com\/wp-admin\/admin-ajax.php","rest_url":"https:\/\/sysdig.com\/wp-json\/","nonce":"f9e49a71be","nonce_chaos":"912c47cb2d","page_id":"75481"};
/* ]]> */
</script>
<script type='text/javascript' src='https://sysdig.com/wp-content/themes/sysdig/public/scripts/main-v4.js?ver=1686950061' id='v4-sysdig-main-js' defer></script>
<script type='text/javascript' src='https://sysdig.com/wp-content/themes/sysdig/public/scripts/rddl.js?ver=1672868000' id='v4-sysdig-rddl-js' defer></script>
<script type='text/javascript' src='https://sysdig.com/wp-content/themes/sysdig/assets/scripts/dev/components/rb-marketo-forms.js?ver=20230601-0859' id='marketo-forms-js' defer></script>
<script type='text/javascript' src='https://www.google.com/recaptcha/api.js?render=6LdNcz8cAAAAAJuTxEErvwDxSyMsMZTAgCJqmIov&#038;ver=2022-03-02' id='google-recaptcha-js'></script>
<script type='text/javascript' src='https://sysdig.com/wp-content/themes/sysdig/public/scripts/components/announcement-bar.js?ver=20230221-1053' id='announcement-bar-js' defer></script>
<script type='text/javascript' src='https://sysdig.com/wp-content/themes/sysdig/public/scripts/components/anchors.js?ver=1681414466' id='sysdig-anchors-js' defer></script>
<script type='text/javascript' src='https://sysdig.com/wp-content/themes/sysdig/assets/scripts/dev/lib/teknkl-simpledto-1.0.4.js?ver=1.0.4' id='teknkl-simpledto-js' defer></script>
<script type='text/javascript' src='https://sysdig.com/wp-content/themes/sysdig/assets/scripts/dev/components/dto.js?ver=20211007-1645' id='marketo-dto-js' defer></script>
<script>window.lazyLoadOptions=[{elements_selector:"img[data-lazy-src],.rocket-lazyload",data_src:"lazy-src",data_srcset:"lazy-srcset",data_sizes:"lazy-sizes",class_loading:"lazyloading",class_loaded:"lazyloaded",threshold:300,callback_loaded:function(element){if(element.tagName==="IFRAME"&&element.dataset.rocketLazyload=="fitvidscompatible"){if(element.classList.contains("lazyloaded")){if(typeof window.jQuery!="undefined"){if(jQuery.fn.fitVids){jQuery(element).parent().fitVids()}}}}}},{elements_selector:".rocket-lazyload",data_src:"lazy-src",data_srcset:"lazy-srcset",data_sizes:"lazy-sizes",class_loading:"lazyloading",class_loaded:"lazyloaded",threshold:300,}];window.addEventListener('LazyLoad::Initialized',function(e){var lazyLoadInstance=e.detail.instance;if(window.MutationObserver){var observer=new MutationObserver(function(mutations){var image_count=0;var iframe_count=0;var rocketlazy_count=0;mutations.forEach(function(mutation){for(var i=0;i<mutation.addedNodes.length;i++){if(typeof mutation.addedNodes[i].getElementsByTagName!=='function'){continue}
if(typeof mutation.addedNodes[i].getElementsByClassName!=='function'){continue}
images=mutation.addedNodes[i].getElementsByTagName('img');is_image=mutation.addedNodes[i].tagName=="IMG";iframes=mutation.addedNodes[i].getElementsByTagName('iframe');is_iframe=mutation.addedNodes[i].tagName=="IFRAME";rocket_lazy=mutation.addedNodes[i].getElementsByClassName('rocket-lazyload');image_count+=images.length;iframe_count+=iframes.length;rocketlazy_count+=rocket_lazy.length;if(is_image){image_count+=1}
if(is_iframe){iframe_count+=1}}});if(image_count>0||iframe_count>0||rocketlazy_count>0){lazyLoadInstance.update()}});var b=document.getElementsByTagName("body")[0];var config={childList:!0,subtree:!0};observer.observe(b,config)}},!1)</script><script data-no-minify="1" async src="https://sysdig.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js"></script>	</body> 
</html>  	
</main><!-- #main --></div><!-- #primary -->
<!-- This website is like a Rocket, isn't it? Performance optimized by WP Rocket. Learn more: https://wp-rocket.me -->